b'            SPECIAL REPORTS RELATING TO THE\n         FEDERAL EMPLOYEES\' COMPENSATION ACT\n                  SPECIAL BENEFIT FUND\n\n\n           APRIL 30, 2002 AND SEPTEMBER 30, 2002\n\n\n\n\n                                              U.S. Department of Labor\n                                             Office of Inspector General\n                                       Report Number: 22-03-001-04-431\n                                          Date Issued: November 8, 2002\n\n                                                      Carmichael\n                                                   Brasher Tuvell\nCertified Public Accountants                         & Company\n\x0cThese reports were prepared by Carmichael, Brasher, Tuvell & Company, Certified Public Accountants,\nunder contract to the Inspector General, and, by acceptance, it becomes a report of the Office of Inspector\nGeneral.\n\n\n\n                                                                    _______________________________\n                                                                    Deputy Inspector General for Audit\n\x0c                                                                          Carmichael\n                                                                       Brasher Tuvell\nCertified Public Accountants                                            & Company\n                                    Table of Contents\n\nAcronyms                                                                             i\n\n\nI.     A. Independent Auditors\' Report on the Schedule of Actuarial Liability,\n              Net Intra-Governmental Accounts Receivable and Benefit Expe nse        1\n\n       B. Schedule of Actuarial Liability, Net Intra-Governmental Accounts\n              Receivable and Benefit Expense                                         2\n\nII.    A. Independent Accountants\' Report on Applying Agreed-Upon Procedures         7\n\n       B. Schedules\n             1. Schedule of Actuarial Liability by Agency                            9\n             2. Schedule of Net Intra -Governmental Accounts Receivable by Agency   11\n             3. Schedule of Benefit Expense by Agency                               13\n\n       C. Agreed-Upon Procedures and Results\n            Summary                                                                 15\n            Actuarial Liability                                                     16\n            Net Intra-Governmental Accounts Receivable                              21\n            Benefit Expense                                                         23\n\nIII.   A. Independent Service Auditors\' Report                                      25\n\n       B. Division of Federal Employees\' Compensation\xe2\x80\x99s Policies and Procedures\n             Overview of Services Provided                                          27\n             Overview of Control Environment                                        31\n             Overview of Transaction Processing                                     35\n             Overview of Computer Information Systems                               41\n             Control Objectives and Related Policies and Procedures                 44\n             User Control Considerations                                            44\n\n       C.    Information Provided by the Service Auditor\n             Tests of Control Environment Elements                                  45\n             Sampling Methodology                                                   46\n             Control Objectives, Related Policies and Procedures,\n                 and Tests of Described Policies and Procedures                     50\n             General Computer Controls                                              51\n             Transaction Processing Controls                                        66\n\x0c                                    ACRONYMS\n\n\n\nACPS      Automated Compensation Payment System\nACS       Affiliated Computer Services, Inc.\nADP       Automatic Data Processing\nAID       Agency for International Development\nBPS       Bill Payment System\nBLS       Bureau of Labor Statistics\nCBS       Chargeback System\nCE        Claims Examiner\nCFO       Chief Financial Officer\nCFR       Code of Federal Regulations\nCMF       Case Manageme nt File System\nCOLA      Cost of Living Allowance\nCOP       Continuation of Pay\nCPI       Consumer Price Index\nCPI-U     Consumer Price Index for all Urban Consumers\nCPI-Med   Consumer Price Index for Medical\nDITMS     Division of Information Technology Management and Services\nDCE       Designated Claims Examiner\nDD        District Director\nDFEC      Division of Federal Employees\' Compensation\nDMA       District Medical Advisor\nDMD       District Medical Director\nDO        District Office\nDOL       United States Department of Labor\nDOLAR$    Department of Labor Accounting and Related Systems\nDPPS      Division of Planning, Policy and Standards\nDRP       Disaster Recovery Plan\nEDP       Electronic Data Processing\nEPA       Environmental Protection Agency\nESA       Employment Standards Administration\nFCS       Fund Control System\nFECA      Federal Employees\' Compensation Act\nFEMA      Federal Emergency Management Agency\nFISCAM    Federal Information System Controls Application Manual\nFMFIA     Federal Managers\' Financial Integrity Act\nGSA       General Services Administration\n\n\n\n\n                                           i\n\x0c                                     ACRONYMS\n\n\nHBI       Health Benefit Ins urance\nHHS       U.S. Department of Health and Human Services\nHUD       U.S. Department of Housing and Urban Development\nIBNR      Incurred But Not Reported\nIS        Information Systems\nLBP       Liability Benefits Paid (ratio)\nLWEC      Loss of Wage Earning Capacity\nNASA      National Aeronautics and Space Administration\nNRC       Nuclear Regulatory Commission\nNSF       National Science Foundation\nOIG       Office of Inspector General\nOLI       Optional Life Insurance\nOMAP      Office of Management and Planning\nOMB       Office of Management and Budget\nOPAC      On-line Payment and Collection System\nOPM       Office of Personnel Management\nOWCP      Office of Workers\' Compensation Programs\nRS        Rehabilitation Specialist\nSAS 70    Statement on Auditing Standards, Number 70\nSBA       Small Business Administration\nSCE       Senior Claims Examiner\nSDLC      System Development Life Cycle\nSFFAS     Statement of Federal Financial Accounting Standards\nSOL       Solicitor of Labor\nSSA       Social Security Administration\nSunGard   SunGard eSourcing, Inc.\nTTD       Temporary Total Disability\nU.S.C.    United States Code\nUSPS      United States Postal Service\nVA        U.S. Department of Veterans Affairs\n\n\n\n\n                                            ii\n\x0c[This page intentionally left blank.]\n\x0c                                                                                     Carmichael\n                                                                                  Brasher Tuvell\nCertified Public Accountants                                                       & Company\n                                                                                           678-443-9200\n                                                                                 Facsimile 678-443-9700\n                                                                                       www.cbtcpa.com\n                                    SECTION IA\n                       INDEPENDENT AUDITORS\' REPORT ON THE\n                         SCHEDULE OF ACTUARIAL LIABILITY,\n                  NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                               AND BENEFIT EXPENSE\n\nVictoria A. Lipnic, Assistant Secretary\nEmployment Standards Administration, U.S. Department of Labor,\nGeneral Accounting Office, Office of Management and Budget and Other Specified Agencies:\n\nWe have audited the accompanying Schedule of Actuarial Liability, Net Intra-Governmental Accounts\nReceivable and Benefit Expense (the Schedule) of the Federal Employees\' Compensation Act Special\nBenefit Fund as of and for the year ended September 30, 2002. This schedule is the responsibility of\nthe U.S. Department of Labor\'s management. Our responsibility is to express an opinion on this\nschedule based on our audit.\n\nWe conducted our audit in accordance with auditing standards generally accepted in the United States\nof America, the standards applicable to financial audits contained in Government Auditing Standards,\nissued by the Comptroller General of the United States, and the applicable provisions of OMB\nBulletin 01-02, Audit Requirements for Federal Financial Statements. Those standards require that\nwe plan and perform the audit to obtain reasonable assurance about whether the Schedule of Actuarial\nLiability, Net Intra-Governmental Accounts Receivable and Benefit Expense is free of material\nmisstatement. An audit includes examining, on a test basis, evidence supporting the amounts and\ndisclosures in the Schedule of Actuarial Liability, Net Intra-Governmental Accounts Receivable and\nBenefit Expense. An audit also includes assessing the accounting principles used and significant\nestimates made by management, as well as evaluating the overall schedule presentation. We believe\nthat our audit provides a reasonable basis for our opinion.\n\nIn our opinion, the Schedule of Actuarial Liability, Net Intra-Governmental Accounts Receivable and\nBenefit Expense referred to above presents fairly, in all materia l respects, the actuarial liability, net\nintra- governmental accounts receivable and benefit expense of the Federal Employees\' Compensation\nAct Special Benefit Fund as of and for the year ended September 30, 2002, in conformity with\naccounting principles ge nerally accepted in the United States of America.\n\nThis report is intended solely for the information and use of the U.S. Department of Labor, General\nAccounting Office, Office of Management and Budget and those Federal agencies listed in Section\nIIB of this report and is not intended to be and should not be used by anyone other than these specified\nparties.\n\n\n\n\nOctober 31, 2002\n                                                     1\n               1647 Mount Vernon Road, Dunwoody Exchange, Atlanta, Georgia 30338\n\x0c                              SECTION IB\n                     U.S. DEPARTMENT OF LABOR\n              EMPLOYMENT STANDARDS ADMINISTRATION\n              FEDERAL EMPLOYEES\' COMPENSATION ACT\n                        SPECIAL BENEFIT FUND\n                 SCHEDULE OF ACTUARIAL LIABILITY,\n          NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                        AND BENEFIT EXPENSE\n          AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n\n                                                                             (Dollars in\n                                                                            Thousands)\n\n\nActuarial Liability                                                    $ 24,807,367\n\n\nNet Intra- governmental Accounts Receivable                                $ 3,544,179\n\n\nBenefit Expense                                                            $ 2,120,262\n\n\n\n\n                       See independent auditors\' report.\n           The accompanying notes are an integral part of this schedule.\n                                         2\n\x0c                                SECTION IC\n              NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n              NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                           AND BENEFIT EXPENSE\n              AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n1.   SIGNIFICANT ACCOUNTING POLICIES\n\n     a.   Basis of Presentation\n\n     This schedule has been prepared to report the actuarial liability, net intra-governmental\n     accounts receivable and benefit expense of the Federal Employees\' Compensation Act (FECA)\n     Special Benefit Fund, as required by the CFO Act of 1990. The Special Benefit Fund was\n     established by the Federal Employees\' Compensation Act to provide for the financial needs\n     resulting from compensation and medical benefits authorized under the Act. The U.S.\n     Department of Labor (DOL), Employment Standards Administration (ESA) is charged with\n     the responsibility of operating the Special Benefit Fund under the provisions of the Act. The\n     schedule has been prepared from the accounting records of the Special Benefit Fund.\n\n     The actuarial liability, net intra-governmental accounts receivable and benefit expense of the\n     Special Benefit Fund have been considered specified accounts for the purpose of this special\n     report and have been reported thereon. ESA is responsible for providing annual data to the\n     CFO Act and other specified agencies. FECA\'s annual data is defined as the actuarial liability\n     of the Special Benefit Fund. This annual data is necessary for the CFO Act and other specified\n     agencies to support and prepare their respective financial statements.\n\n     The actuarial liability for future workers\' compensation benefits is an accrued estimate as of\n     September 30, 2002. The net intra- governmental accounts receivable is the amount due from\n     Federal agencies for benefit payments paid to employees of the employing agency. The net\n     intra- governmental accounts receivable includes amounts which were billed to the employing\n     agencies through June 30, 2002, but not paid as of September 30, 2002, including prior years,\n     if applicable, plus the accrued receivable for benefit payments not yet billed for the period\n     July 1, 2002 through September 30, 2002, less credits due from the public. Benefit expense\n     consists of benefits paid and accrued for the period from October 1, 2001 to\n     September 30, 2002, plus the net change in the actuarial liability for the year.\n\n     Benefit payments are intended to provide income and medical cost protection to covered\n     Federal civilian employees injured on the job, employees who have incurred a work-related\n     occupational disease and beneficiaries of employees whose death is attributable to job-related\n     injury or occupational disease. The actuarial liability is computed from the benefits paid\n     history. The benefits paid, inflation and interest rate assumptions, and other economic factors\n     are applied to the actuarial model that calculates the liability estimate.\n\n\n\n\n                                                3\n\x0c                                SECTION IC\n              NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n              NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                           AND BENEFIT EXPENSE\n              AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n     b.    Basis of Accounting\n\n     The accounting and reporting policies of the Federal Employees\' Compensation Act Special\n     Benefit Fund relating to the Schedule conforms to accounting principles generally accepted in\n     the United States of America.\n\n     Statement of Federal Financial Accounting Standards (SFFAS) Number 5, Section 138,\n     Accounting for Liabilities of the Federal Government, requires that a contingent liability be\n     recognized when three conditions are met. First, a past event or exchange transaction has\n     occurred. Second, a future outflow or other sacrifice of resources is probable. Finally, the\n     future outflow or sacrifice of resources is measurable. Claims that have been incurred but not\n     reported (IBNR) are included in the actuarial liability. Therefore, the actuarial liability\n     represents the estimated present value of future compensation and medical payments based\n     upon approved claims, plus a component for incurred but not reported claims.\n\n\n2.   ACTUARIAL LIABILITY (FUTURE WORKERS\' COMPENSATION BENEFITS)\n\n     The Special Benefit Fund was established under the authority of the Federal Employees\'\n     Compensation Act to provide income and medical cost protection to covered Federal civilian\n     employees injured on the job, emplo yees who have incurred a work-related occupational\n     disease and beneficiaries of employees whose death is attributable to a job-related injury or\n     occupational disease. The fund is reimbursed by other Federal agencies for the FECA benefit\n     payments made on behalf of their workers.\n\n     The actuarial liability for future workers\xe2\x80\x99 compensation reported on the schedule includes the\n     expected liability for death, disability, medical and miscellaneous costs for approved cases.\n     The liability is determined using a method that utilizes historical benefit payment patterns\n     related to a specific incurred period to predict the ultimate payments related to that period.\n\n     Consistent with past practice, these projected annual benefit payments have been discounted to\n     present value using the Office of Management and Budget\'s (OMB) economic assumptions for\n     10-year Treasury notes and bonds. The interest rate assumptions utilized for discounting was\n     5.2% in year 1 and thereafter.\n\n     To provide more specifically for the effects of inflation on the liability for future workers\'\n     compensation benefits, wage inflation factors (cost of living allowance or COLA) and medical\n     inflation factors (consumer price index- medical or CPI-Med) are applied to the calculation of\n     projected future benefits. These factors are also used to adjust the historical payments to\n     current year constant dollars. The liability is determined assuming an annual payment at mid-\n     year.\n                                               4\n\x0c                               SECTION IC\n             NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n             NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                          AND BENEFIT EXPENSE\n             AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n    The compensation COLA and the CPI-Med used in the model\'s calculation of estimates were\n    as follows:\n\n                           FY        COLA          CPI-Med\n\n                          2003       1.80%         4.31%\n                          2004       2.67%         4.01%\n                          2005+      2.40%         4.01%\n\n    The medical inflation rates presented represent an average of published quarterly rates\n    covering the benefit payment fiscal year. The compensation factors presented are the blended\n    rates used by the model rather than the published March 1 FECA-COLA factor from which the\n    blended rates are derived.\n\n3. NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n\n    Net intra-governmental accounts receivable is the total of the amounts billed to Federal\n    agencies through June 30, 2002 but had not been paid as of September 30, 2002, including\n    prior year\xe2\x80\x99s amounts billed, if applicable, plus the accrued receivable for benefit payments not\n    yet billed for the period July 1, 2002 through September 30, 2002, less applicable credits. The\n    Special Benefit Fund also receives an appropriation for special cases where employing\n    agencies and older cases are not charged for benefit payments.\n\n    Federal agencies either receive funding for FECA benefits as part of their annual appropriation\n    or if the agency does not receive an appropriation specifically for FECA benefits, the amount\n    of the current chargeback billing is recognized as an expense.\n\n    In addition, certain corporations and instrumentalities are assessed under the Federal\n    Employees\' Compensation Act for a fair share of the costs of administering disability claims\n    filed by their employees. The fair share costs are included in the net intra-governmental\n    accounts receivable.\n\n\n\n\n                                               5\n\x0c                                SECTION IC\n              NOTES TO THE SCHEDULE OF ACTUARIAL LIABILITY,\n              NET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n                           AND BENEFIT EXPENSE\n              AS OF AND FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n\n4.   BENEFIT EXPENSE\n\n     Benefits paid and accrued consists of benefit payments for compensation for lost wages,\n     schedule awards, death benefits and medical benefits paid and accrued under FECA for the\n     period October 1, 2001 through September 30, 2002, plus the net change in the actuarial\n     liability for the year. The amount paid and accrued for compensation for lost wages, schedule\n     awards, death benefits and medical benefits totaled $2.291 billion. The net change in the\n     actuarial liability for the year was a decrease of $187 million. Benefit expense for the fiscal\n     year was $2.120 billion.\n\n\n\n\n                                                6\n\x0c                                                                                  Carmichael\n                                                                               Brasher Tuvell\nCertified Public Accountants                                                    & Company\n                                                                                        678-443-9200\n                                                                              Facsimile 678-443-9700\n                                                                                    www.cbtcpa.com\n\n                                     SECTION IIA\n                         INDEPENDENT ACCOUNTANTS\' REPORT\n                        ON APPLYING AGREED-UPON PROCEDURES\n\n\nVictoria A. Lipnic, Assistant Secretary\nEmployment Standards Administration, U.S. Department of Labor,\nGeneral Accounting Office, Office of Management and Budget and Other Specified Agencies:\n\nWe have performed the procedures described in the Agreed-Upon Procedures and Results, Section\nIIC, which were agreed to by the U.S. Department of Labor, General Accounting Office, Office of\nManagement and Budget, the CFO Act agencies and other specified agencies listed in the Schedules\nof Actuarial Liability by Agency, Net Intra-Governmental Accounts Receivable by Agency and\nBenefit Expense by Agency, Section IIB-1, 2 and 3 (the parties specified) of this special report, solely\nto assist you and such agencies with respect to the accompanying Schedules of Actuarial Liability by\nAgency, Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency\n(Section IIB-1, 2 and 3, respectively) of the Federal Employees\' Compensation Act Special Benefit\nFund as of and for the year ended September 30, 2002.\n\nThe Department of Labor is responsible for the Schedules (Section IIB-1, 2 and 3). The Schedule of\nActuarial Liability by Agency at September 30, 2002, represents the present value of the estimated\nfuture benefits to be paid pursuant to the Federal Employees\' Compensation Act. The Schedule of Net\nIntra-Governmental Accounts Receivable by Agency is the total of the amounts billed to Federal\nagencies through June 30, 2002 which had not yet been paid as of September 30, 2002 plus the\naccrued receivable for benefit payments not yet billed for the period July 1, 2002 through\nSeptember 30, 2002. The Schedule of Benefit Expense by Agency is the benefits paid and accrued for\nthe fiscal year ended September 30, 2002, plus the net change in the actuarial liability for the year.\n\nThis agreed- upon procedures engagement was conducted in accordance with attestation standards\nestablished by the American Institute of Certified Public Accountants and with Government Auditing\nStandards, issued by the Comptroller General of the United States.\n\nAn actuary was engaged to perform certain procedures relating to the actuarial liability as described in\nSection IIC.\n\nWe express no opinion on the Federal Employees\' Compensation Act Special Benefit Fund\'s internal\ncontrols over financial reporting or any part thereof.\n\n\n\n\n                                                   7\n              1647 Mount Vernon Road, Dunwoody Exchange, Atlanta, Georgia 30338\n\x0cThe sufficiency of the procedures is solely the responsibility of the parties specified in this report.\nConsequently, we make no representation regarding the sufficiency of the procedures described in\nSection IIC either for the purpose for which this report has been requested or for any other purpose.\nOur agreed-upon procedures and results are presented in Section IIC of this report.\n\nWe were not engaged to, and did not perform an audit of the Schedules of Actuarial Liability by\nAgency, Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency,\nthe objective of which is the expression of an opinion on the Schedules or a part thereof. Accordingly,\nwe do not express such an opinion. Had we performed additional procedures, other matters might\nhave come to our attention that would have been reported to you.\n\nThis report should not be used by those who have not agreed to the procedures and taken\nresponsibility for the sufficiency of the procedures for their purposes. This report is intended solely\nfor the information and use of the U.S. Department of Labor, General Accounting Office, Office of\nManagement and Budget and those Federal agencies (listed in Section IIB) of this report and is not\nintended to be and should not be used by anyone other than these specified parties.\n\n\n\n\nOctober 31, 2002\n\n\n\n\n                                                  8\n\x0c                                    SECTION IIB-1\n                            U.S. DEPARTMENT OF LABOR\n                      EMPLOYMENT STANDARDS ADMINISTRATION\n                      FEDERAL EMPLOYEES\' COMPENSATION ACT\n                               SPECIAL BENEFIT FUND\n                    SCHEDULE OF ACTUARIAL LIABILITY BY AGENCY\n                             AS OF SEPTEMBER 30, 2002\n\n\n                                                                Actuarial\n                                                                Liability\nAGENCY                                                    (Dollars in thousands)\nAgency for International Development (AID)                               $28,251\n\nEnvironmental Protection Agency (EPA)                                    39,457\nFederal Emergency Management Agency (FEMA)                               28,661\nGeneral Services Administration (GSA)                                   191,324\nNational Aeronautics and Space Administration (NASA)                     67,280\nNational Science Foundation (NSF)                                           1,637\nNuclear Regulatory Commission (NRC)                                         9,062\nOffice of Personnel Management (OPM)                                     13,285\nUnited States Postal Service (USPS)                                   7,653,191\nSmall Business Administration (SBA)                                      31,487\nSocial Security Administration (SSA)                                    280,549\nTennessee Valley Authority                                              652,098\nU. S. Department of Agriculture                                         861,620\nU. S. Department of the Air Force                                     1,476,884\nU. S. Department of the Army                                          1,929,082\nU. S. Department of Commerce                                            190,687\nU. S. Department of Defense \xe2\x80\x93 other                                     904,925\nU. S. Department of Education                                            21,665\nU. S. Department of Energy                                               92,442\nU. S. Department of Health and Human Services                           276,699\nU. S. Department of Housing and Urban Development                        80,994\nU. S. Department of the Interior                                        658,501\nU. S. Department of Justice                                           1,204,284\n\n\n                                                 9\n\x0c                                                SECTION IIB-1\n                                        U.S. DEPARTMENT OF LABOR\n                                  EMPLOYMENT STANDARDS ADMINISTRATION\n                                  FEDERAL EMPLOYEES\' COMPENSATION ACT\n                                           SPECIAL BENEFIT FUND\n                                SCHEDULE OF ACTUARIAL LIABILITY BY AGENCY\n                                         AS OF SEPTEMBER 30, 2002\n\n                                                                                                                 Actuarial\n                                                                                                                 Liability\n    AGENCY                                                                                                  (Dollars in thousands)\n    U. S. Department of Labor                                                                                              $272,977\n    U. S. Department of the Navy                                                                                         2,872,301\n    U. S. Department of State                                                                                               56,259\n    U. S. Department of Transportation                                                                                   1,151,854\n    U. S. Depa rtment of the Treasury                                                                                    1,076,954\n    U. S. Department of Veterans Affairs (VA)                                                                            1,762,577\n    Other agencies 1                                                                                                       920,380\n    Total - all agencies (Memo Only)                                                                                  $24,807,367\n\n\n\n\n                                                                              10\n1\n    Non-billable and other agencies for which ESA has not individually calculated an actuarial liability.\n\x0c                                                     SECTION IIB-2\n                                             U.S. DEPARTMENT OF LABOR\n                                      EMPLOYMENT STANDARDS ADMINISTRATION\n                                      FEDERAL EMPLOYEES\' COMPENSATION ACT\n                                                SPECIAL BENEFIT FUND\n                                       SCHEDULE OF NET INTRA-GOVERNMENTAL\n                                          ACCOUNTS RECEIVABLE BY AGENCY\n                                              AS OF SEPTEMBER 30, 2002\n\n\n                                                                                                             Amounts                     Net Intra-\n                                                                                      Amounts               Expended        Credits     Governmental\n                                                                                     Billed Not              Not Yet       Due from       Accounts\n                                                                                     Yet Paid(1)             Billed (2)    Public (3)   Receivable(4)\n                                                                                     (Dollars in            (Dollars in   (Dollars in    (Dollars in\n AGENCY                                                                              thousands)             thousands)    thousands)     thousands)\n Agency for International Development                                                     $5,585                   $860         $(24)           $6,421\n\n Environmental Protection Agency                                                               6,608             1,264           (30)            7,842\n\n Federal Emergency Management Agency                                                           5,117               803           (25)            5,895\n\n General Services Administration                                                             32,330              4,558         (145)            36,743\n\n National Aeronautics and Space Administration                                               13,907              1,869           (61)           15,715\n\n National Science Foundation                                                                      221               34            (1)             254\n\n Nuclear Regulatory Commission                                                                 1,599               217            (7)            1,809\n\n Office of Personnel Management                                                                2,101               286           (10)            2,377\n\n United States Postal Service                                                                80,507            248,129        (7,187)          321,449\n\n Small Business Administration                                                                 4,746               647           (21)            5,372\n\n Social Security Administration                                                              41,113              6,458         (195)            47,376\n\n Tennessee Valley Authority                                                                  69,780             18,014         (570)            87,224\n\n U. S. Department of Agriculture                                                            136,222             21,460         (636)           157,046\n\n U. S. Department of the Air Force                                                          266,645             40,243        (1,213)          305,675\n\n U. S. Department of the Army                                                               299,611             42,943        (1,283)          341,271\n\n U. S. Department of Commerce                                                                35,304              4,777         (143)            39,938\n\n U. S. Department of Defense - other                                                        161,195             23,866         (727)           184,334\n\n U. S. Department of Education                                                                 4,235               491           (15)            4,711\n\n U. S. Department of Energy                                                                  15,243              2,530           (81)           17,692\n\n U. S. Department of Health and Human Services                                               43,855              6,926         (202)            50,579\n\n                                                                                    11\n1 Amounts billed through June 30, 2002 (including prior years) but not yet paid as of September 30, 2002.\n2 Amounts paid and accrued but not yet billed for t he period July 1, 2002 through September 30, 2002.\n3 Allocation of credits due from public through September 30, 2002.\n4 Total amount due to the fund for each agency as of September 30, 2002.\n\x0c                                                     SECTION IIB-2\n                                             U.S. DEPARTMENT OF LABOR\n                                      EMPLOYMENT STANDARDS ADMINISTRATION\n                                      FEDERAL EMPLOYEES\' COMPENSATION ACT\n                                                SPECIAL BENEFIT FUND\n                                       SCHEDULE OF NET INTRA-GOVERNMENTAL\n                                          ACCOUNTS RECEIVABLE BY AGENCY\n                                              AS OF SEPTEMBER 30, 2002\n\n\n                                                                                                             Amounts                      Net Intra-\n                                                                                      Amounts               Expended         Credits     Governmental\n                                                                                     Billed Not              Not Yet        Due from       Accounts\n                                                                                     Yet Paid(1)             Billed (2)     Public (3)   Receivable(4)\n                                                                                     (Dollars in            (Dollars in    (Dollars in    (Dollars in\n AGENCY                                                                              thousands)             thousands)     thousands)     thousands)\n U. S. Department of Housing and Urban Development                                       $15,154                  $2,328         $(71)          $17,411\n\n U. S. Department of the Interior                                                           102,865              17,080         (481)           119,464\n\n U. S. Department of Justice                                                                186,097              30,366         (875)           215,588\n\n U. S. Department of Labor                                                                   47,686               8,679         (250)            56,115\n\n U. S. Department of the Navy                                                               495,132              73,285        (2,272)          566,145\n\n U. S. Department of State                                                                   15,583               2,536           (67)           18,052\n\n U. S. Department of Transportation                                                         201,271              30,361         (931)           230,701\n\n U. S. Department of the Treasury                                                           171,364              27,504         (807)           198,061\n\n U. S. Department of Veterans Affairs                                                       296,499              46,951        (1,388)          342,062\n\n Other agencies                                                                             122,135              19,318         (596)           140,857\n\n Total - all agencies (Memo Only)                                                      $2,879,710             $684,783      $(20,314)        $3,544,179\n\n\n\n\n                                                                                    12\n1 Amounts billed through June 30, 2002 (including prior years) but not yet paid as of September 30, 2002.\n2 Amounts paid and accrued but not yet billed for t he period July 1, 2002 through September 30, 2002.\n3 Allocation of credits due from public through September 30, 2002.\n4 Total amount due to the fund for each agency as of September 30, 2002.\n\x0c                                        SECTION IIB-3\n                                U.S. DEPARTMENT OF LABOR\n                         EMPLOYMENT STANDARDS ADMINISTRATION\n                         FEDERAL EMPLOYEES\' COMPENSATION ACT\n                                   SPECIAL BENEFIT FUND\n                         SCHEDULE OF BENEFIT EXPENSE BY AGENCY\n                          FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n                                                          Benefits     Change in         Total\n                                                          Paid and      Actuarial       Benefit\n                                                          Accrued       Liability      Expense\n                                                         (Dollars in   (Dollars in    (Dollars in\nAGENCY                                                   thousands)    thousands)     thousands)\nAgency for International Development                          $2,608       $(2,654)           $(46)\n\nEnvironmental Protection Agency                                3,530          (176)           3,354\n\nFederal Emergency Management Agency                            2,804         3,420            6,224\n\nGeneral Services Administration                               15,776        (7,529)           8,247\n\nNational Aeronautics and Space Administration                  6,563        (2,392)           4,171\n\nNational Science Foundation                                      113          (169)            (56)\n\nNuclear Regulatory Commission                                    735        (1,787)         (1,052)\n\nOffice of Personnel Management                                 1,033          (467)             566\n\nUnited States Postal Service                                 805,575       253,721        1,059,296\n\nSmall Business Administration                                  2,236          (768)           1,468\n\nSocial Security Administration                                21,578         2,204           23,782\n\nTennessee Valley Authority                                    62,209        (5,432)          56,777\n\nU. S. Department of Agriculture                               71,309       (17,343)          53,966\n\nU. S. Department of the Air Force                            134,089       (53,009)          81,080\n\nU. S. Department of the Army                                 177,858       (26,101)         151,757\n\nU. S. Department of Commerce                                  15,588       (33,029)        (17,441)\n\nU. S. Department of Defense - other                           64,444       (49,191)          15,253\n\nU. S. Department of Education                                  1,572        (1,058)             514\n\nU. S. Department of Energy                                     8,563        (3,306)           5,257\n\nU. S. Department of Health and Human Services                 22,720       (16,656)           6,064\n\nU. S. Department of Housing and Urban Development              8,004        (3,764)           4,240\n\nU. S. Department of the Interior                              54,930        (4,970)          49,960\n\n\n\n                                                    13\n\x0c                                                      SECTION IIB-3\n                                              U.S. DEPARTMENT OF LABOR\n                                       EMPLOYMENT STANDARDS ADMINISTRATION\n                                       FEDERAL EMPLOYEES\' COMPENSATION ACT\n                                                 SPECIAL BENEFIT FUND\n                                       SCHEDULE OF BENEFIT EXPENSE BY AGENCY\n                                        FOR THE YEAR ENDED SEPTEMBER 30, 2002\n\n                                                                                                                       Change in         Total\n                                                                                                           Benefit      Actuarial       Benefit\n                                                                                                         Payments       Liability      Expense\n                                                                                                         (Dollars in   (Dollars in    (Dollars in\n AGENCY                                                                                                  thousands)    thousands)     thousands)\n U. S. Department of Justice                                                                                 $98,950       $10,694         $109,644\n\n U. S. Department of Labor                                                                                    21,942        22,699           44,641\n\n U. S. Department of the Navy                                                                                248,166       (96,240)         151,926\n\n U. S. Department of State                                                                                     6,624          (386)           6,238\n\n U. S. Department of Transportation                                                                          102,750       (51,133)          51,617\n\n U. S. Department of the Treasury                                                                             89,084           848           89,932\n\n U. S. Department of Veterans Affairs                                                                        154,411       (50,098)         104,313\n\n Other agencies (1)                                                                                          101,507       (52,937)          48,570\n\n Total - all agencies (Memo Only)                                                                         $2,307,271     $(187,009)      $2,120,262\n\n\n\n\n                                                                                      14\n1 Non-billable and other agencies for which ESA did not individually calculate an actuarial liability.\n\x0c                                      SECTION IIC\n                           AGREED-UPON PROCEDURES & RESULTS\n\nSUMMARY\n\nOur objective was to perform specified agreed-upon procedures to the Schedules of Actuarial Liability\nby Agency, Net Intra-Governmental Accounts Receivable by Agency and Benefit Expense by Agency\nas of and for the year ended September 30, 2002, as summarized below:\n\n\xe2\x80\xa2   Applied certain agreed-upon procedures as detailed in this section of the report to the estimated accrued\n    actuarial liability of future FECA benefit payments as of September 30, 2002. A certified actuary was\n    engaged to review the calculation of the actuarial liability.\n\n\xe2\x80\xa2   Applied certain agreed-upon procedures as specified in this section of the report to the net intra-\n    governmental accounts receivable billings and balances for the period ending September 30, 2002.\n\n\xe2\x80\xa2   Applied certain agreed-upon procedures as outlined in this section of the report to the compensation and\n    medical payments for the period October 1, 2001 to April 30, 2002 (sampling period), and for the period\n    October 1, 2001 to September 30, 2002 (fiscal year), and to DOL\xe2\x80\x99s cut-off process. Calculated the change\n    in the actuarial liability from the prior year to the current year.\n\nThese procedures were performed in accordance with standards established by the American Institute\nof Certified Public Accountants and with Government Auditing Standards, issued by the Comptroller\nGeneral of the United States.\n\nEach section of this agreed- upon procedures report has a general overview of the section followed by\ndetailed listing of the agreed- upon procedures performed and the results of the procedures for each\nsection of this engagement.\n\nIn summary, we applied the following agreed- upon procedures:\n\nActuarial Liability - Consistent with prior years, the actuarial liability was evaluated by an\nindependent actuary. Agreed- upon procedures were performed on the methodology, assumptions and\ninformation used in the model. The 2002 benefit payments predicted by the model for 2001 were\ncompared to actual payments made in 2002, and analytical procedures were performed relating the\nchange in the liability amount by agency to the change in the aggregate liability.\n\nNet Intra-Governmental Accounts Receivable - Confirmation letters regarding the accounts receivable\nas of September 30, 2002, were mailed and confirmed with the CFO Act and other selected agencies.\nAgreed-upon procedures were performed on fiscal year 2002 accounts receivable as compared with\nfiscal year 2001 accounts receivable with regards to new receivables, collections, write-offs, and\nchargebacks.\n\nBenefit Expense - Agreed-upon procedures were applied to the benefit payments made during the\ncurrent fiscal year by district office, by strata, and by agency as compared to benefit payments of the\nprior fiscal year. Applied procedures to DOL\xe2\x80\x99s cut-off process to determine if adjustments were\nrecorded in the appropriate period. Calculated the change in the actuarial liability from the prior year\nto the current year.\n                                                     15\n\x0c                                         SECTION IIC\n                              AGREED-UPON PROCEDURES & RESULTS\n\nACTUARIAL LIABILITY\n\nGeneral Overview\n\nThe actuarial model and the resulting actuarial liability were evaluated by an independent actuary.\nThe independent actuary issued a report that stated the aggregate actuarial liability was reasonably\nstated in accordance with Actuarial Standards. We performed agreed- upon procedures on the\ncalculation of the actuarial liability by employing agency. Our procedures included considerations of\nhow the change in each agency\'s liability related to the change in the total estimate, its own history, its\ngroup, and to the benefit payments made during the current year.\n\nProcedures and Results\n\n Agreed-Upon Procedures Performed                      Results of Procedures\n Engaged a certified actuary to review the             The actuary\xe2\x80\x99s review of the model indicated that the assumptions\n calculations of the actuarial liability as to:        were appropriate for the purpose and method applied.\n \xe2\x80\xa2 Whether or not the assumptions used by the\n     model were appropriate for the purpose and        The actuary tested the calculations included in the model and\n     method to which they were applied.                found that they were performed consistent with the model\'s stated\n \xe2\x80\xa2 Whether or not the assumptions were                 assumptions.\n     reasonable representations for the underlying\n     phenomena that they model.                        The actuary\xe2\x80\x99s review of the model indicated that the\n \xe2\x80\xa2 Whether or not such assumptions were being          methodologies were acceptable, were applied correctly and that\n     applied correctly and if other calculations       calculations are performed in such a way as to generate results\n     within the model were being performed in a        which are overall appropriate. Additional detailed checks of\n     manner as to generate appropriate results.        calculations and data flow revealed no errors in methodology had\n \xe2\x80\xa2 Whether or not changes in the assumptions           been used.\n     over the years affected trends.\n                                                       The methodology and assumption applied to the calculations\n \xe2\x80\xa2 Whether or not tests of calculations provided a\n     reasonable basis regarding the integrity of the   tested provides a reasonable basis in regard to the integrity\n     model as a whole.                                 of the model as a whole.\n \xe2\x80\xa2 Whether or not the overall results were\n                                                       The actuary indicated that the model calculated a liability and that\n     reasonable.\n                                                       the overall results were reasonable under the method and\n                                                       assumptions used.\n Confirmed with the American Academy of                The actuarial specialist was accredited and in good standing with\n Actuaries and the Casualty Actuarial Society as to    the American Academy of Actuaries and the Casualty Actuarial\n whether the actuary was accredited and in good        Society. The actuarial consulting firm certified that they were\n standing with the associations. Obtained a            independent from the DOL and the FECA Special Benefit Fund.\n statement of independence from the actuarial firm.    The actuarial consulting firm provided references stating\n Obtained two references from clients of the           experience in the type of work required for this engagement.\n actuarial firm as to the actuary\'s work.              Contacted the references of the actuarial firm and confirmed they\n                                                       possessed the expertise and experience required for this\n                                                       engagement.\n\n\n\n\n                                                            16\n\x0c                                         SECTION IIC\n                              AGREED-UPON PROCEDURES & RESULTS\n\nAgreed-Upon Procedures Performed                      Results of Procedures\nCompared the economic assumptions used by the         The model utilizes estimates of prospective inflation and interest\nmodel for 2001 to the assumptions used during the     rates to project and then discount future benefit payments. As\ncurrent year.                                         published by OMB, prospective interest rates of 10-year Treasury\n                                                      bills decreased from 5.21% for the prior year to 5.20% for the\n                                                      current year. Concurrently, the Bureau of Labor Statistics\xe2\x80\x99 (BLS)\n                                                      estimates of COLA decreased from a 10 year average of 2.64%\n                                                      for the prior year to a 10 year average of 2.37% for the current\n                                                      year, and CPI-Med factors decreased from a 10 year average of\n                                                      4.13% for the prior year to a 10 year average of 4.04% for the\n                                                      current year. In combination, these rate changes resulted in an\n                                                      increase in the net effective rate (interest rate less inflation rate)\n                                                      of approximately .23% (from approximately 2.27% to 2.50%).\n                                                      The result of the changes in estimated prospective rates was to\n                                                      decrease the estimated actuarial liability by approximately 2.3%\n                                                      from what the liability would have been had 2001 rates been used\n                                                      for the year 2002 calculation.\nCompared the interest and inflation rates used by The interest rates used in the model were the same interest rates\nthe model to the source documents from which stated in OMB\xe2\x80\x99s publication. The inflation rates used in the\nthey were derived.                                    model were derived from the BLS indices cited. The rates from\n                                                      the BLS indices were adjusted to accommodate the difference\n                                                      between the year end of the actuarial model and the year end of\n                                                      the cited rates. The blended rates were recalculated without\n                                                      exception.\nCompared the actuarial liability by agency as The liability reported on the Memorandum issued to the CFOs of\nreported in a Memorandum to the CFOs of Executive Departments of the unaudited estimated actuarial\nExecutive Departments of the unaudited estimated liability for future workers\' compensation benefits agreed with the\nactuarial liability for future workers\' compensation liability calculated by the model and reported on the Projected\nbenefits to the liability calculated by the model and Liability Reports.\nreported on the Projected Liability Reports.\nCompared by agency and in aggregate, the 1998- The amounts in aggregate agreed without exception. By agency,\n2002 benefit payments downloaded to the model approximately $168,000 of 1998 DOT benefit payments had been\nwith the amount of benefit payments reflected in downloaded as "Other Agencies". This amount represented\nthe Summary Chargeback Billing Report, to approximately .17% of DOT\'s 1998 payments.                              No other\ndetermine whether the benefit payment data used exceptions were noted.\nby the model was the same data upon which\nagreed-upon procedures for benefit payments were\nperformed.\n\n\n\n\n                                                            17\n\x0c                                         SECTION IIC\n                              AGREED-UPON PROCEDURES & RESULTS\n\nAgreed-Upon Procedures Performed                       Results of Procedures\n\nDetermined the basis of the agency groupings and       The groupings were consistent with the prior year. The grouping\nperformed tests to establish the consistency of the    was determined premised on a claim duration probability study\ngrouping. Determined the impact of such inclusion      performed by a DOL economist. Both the designers of the model\nin a grouping.                                         and the independent actuary agreed that the study provided a\n                                                       basis for such groupings. The groupings were traced to the study.\n                                                       The study included data through 1991, and therefore, agencies\n                                                       without claims under FECA prior to 1991 had not been studied.\n                                                       These agencies were placed in Group III, whose average\n                                                       probability approximated the average of the aggregate population.\n                                                       These agencies are AID, FEMA, NSF, NRC, OPM, SBA, and\n                                                       SSA.\n\n                                                       Group experience is used to develop the backfilling factors and is\n                                                       factored into the loss development feature used to project the\n                                                       pattern of future payments. Group experience has a more\n                                                       significant impact on the estimated liabilities for smaller\n                                                       agencies.\nCalculated the change in the actuarial liability by    The aggregate liability decreased approximately .73%. The\nagency and in aggregate. Identified and sought         following agencies\xe2\x80\x99 liabilities changed by more than 10%:\nexplanations for agencies whose liability changed      Commerce (-14.8%), NRC (-16.5%), FEMA (13.6%).\nby more than 10%.\n                                                       A predictive test of what the liability should have been based\n                                                       upon last year\xe2\x80\x99s liability adjusted for the change in benefit\n                                                       payments and economic factors predicted within 10% of the\n                                                       model\xe2\x80\x99s liability for the above agencies. The change in benefit\n                                                       payments in the current fiscal year contributed to a liability\n                                                       change in excess of 10%.\nCalculated the ratio of the agency liability to the    The Liabilities to Benefits Paid ratio (LBP) was 11.06. The LBP\nLBP ratio by agency and compared this to the           was above the average for both Commerce (12.19) and NRC\noverall ratio and group ratio. Identified and sought   (11.97) and below the average for FEMA (10.65).          An LBP\nexplanations for those agencies for which the ratio    above the average would normally indicate the change in benefit\nvaried by more than 10 from their group ratio, and     payments had not caused the liability to be understated relative to\nlay outside the range of group averages.               the model overall and an LBP below the average would normally\n                                                       indicate the increase in benefit payments had not caused the\n                                                       liability to be overstated.\n\n                                                       By group, the range of the ratio was from 9.75 (Group V-Postal)\n                                                       to 12.81 (Group III). The following agencies varied by more than\n                                                       10 from their group\xe2\x80\x99s ratio and fell outside the range of group\n                                                       ratios: Education (13.55- Group II), NSF (14.83-Group III),\n                                                       All Other Defense (14.16- Group III), State (8.95- Group IV),\n                                                       Labor (12.84- Group IV).\n\n                                                       A predictive test of what the liability should have been premised\n                                                       upon last year\xe2\x80\x99s liability adjusted for the change in benefit\n                                                       payments and economic factors predicted within 10 for all\n                                                       agencies except State. For State, the test resulted in a liability\n                                                       17.61 lower than calculated by the model. Education, Labor &\n                                                       NSF had medical LBPs which exceeded their group medical\n                                                       LBPs.\n\n\n                                                            18\n\x0c                                         SECTION IIC\n                              AGREED-UPON PROCEDURES & RESULTS\n\nAgreed-Upon Procedures Performed                        Results of Procedures\n\n                                                        DOL identified an atypical lump -sum payment in an older injury\n                                                        year that they indicated could have skewed their results upward.\n                                                        The actuary concurred with DOL\xe2\x80\x99s explanation and\n                                                        recommended that the actuarial liability for DOL be adjusted\n                                                        downward by approximately $23 million. DOL reviewed whether\n                                                        atypical payments contributed to the high LBPs in Education,\n                                                        Defense, and NSF. DOL did not identify atypical payments in\n                                                        these agencies.\nCompared the benefit payments predicted by the          Payments increased in constant dollars approximately .97%\nmodel for year 2002 to the actual benefit               during the current fiscal year, which was comprised of a .82%\npayments. Identified the agencies where the model       increase in compensation and 1.37% increase in medical benefit\ncomputed benefit payment that varied by more            payments. The aggregate trend of the last four years in constant\nthan 20% from actual benefit payments made              dollars is .4% increase in compensation and 4.25% average\nduring 2002. Calculate an average LBP for all           annual increase in medical.\nagencies and determine which agencies were\nhigher than the average.                                Actual payments were approximately 14.0% lower than\n                                                        predicted. The following agencies\xe2\x80\x99 actual payments varied from\n                                                        the prediction by more than 20%: NRC (-28.5%),\n                                                        Commerce (-39.2%), Justice (28.9%), State (31.13%).\n\n                                                        The LBP ratios for NRC (11.97), Commerce (12.19), and Justice\n                                                        (12.59) were higher than average (11.06).\n\n                                                        During the design stage of the model, this table of projected\n                                                        benefit payments was requested to assist in the budgetary process\n                                                        as an addition to the liability calculation. DOL stated, and the\n                                                        actuary concurred, that the nature of the computed projected\n                                                        benefit payments were that of a derivative of the model rather\n                                                        than intrinsic to the liability calculation. Labor has initiated\n                                                        procedures to correct the problems identified with the table.\nCompared an estimate of the liability by agency         The calculated amounts were within 10% of amounts derived by\ncalculated from the agency\xe2\x80\x99s prior year balance,        DOL\xe2\x80\x99s model for all agencies except Department of State.\nthe change in their benefit payments, and the           Department of State\xe2\x80\x99s liability was estimated 17.61% lower than\noverall effect of change in economic factors to the     calculated by the model.\nliability computed by the actuarial model.\nPerformed a survey of interest and inflation rates      Surveyed rates for compensation ranged from 2.34% to 3.00%\nutilized by the Postal Service, OPM, and two other      and for medical ranged from 1.28% to 1.4%. The model\'s rates\nsources with governmental actuarial liabilities         compute to net effective rates of approximately 2.83% for\nexperience. Determined how the surveyed net             compensation and 1.16% for medical. The medical portion of the\neffective rates compared to the interest rates used     liability comprises approximately 19.85% of the total. A higher\nin the model and explain the effect of a higher rate.   rate equates to the calculation of a lower liability.\n\n\n\n\n                                                             19\n\x0c                                      SECTION IIC\n                           AGREED-UPON PROCEDURES & RESULTS\n\nAgreed-Upon Procedures Performed                   Results of Procedures\n\nCompared the actuarial liability for the Postal    The actuarial liability calculated by DOL for the Postal Service\nService calculated by the model to the actuarial   was 14.2% higher than the calculation prepared by the Postal\nliability calculated by the Postal Service\xe2\x80\x99s       Service. The net effective discount rates used by the Postal\nindependent model.                                 Service were different than those used by DOL. Use of the same\n                                                   Postal Service net effective discount rates would have resulted in\n                                                   the difference of approximately 11.9%.\n\n                                                   DOL\xe2\x80\x99s calculation was 23.8% higher than Postal Service last\n                                                   year. FECA\xe2\x80\x99s estimate for the Postal Service increased 3.4%,\n                                                   while Postal Service\xe2\x80\x99s estimate increased 12.2%.\n\n\n\n\n                                                        20\n\x0c                                         SECTION IIC\n                              AGREED-UPON PROCEDURES & RESULTS\n\nNET INTRA-GOVERNMENTAL ACCOUNTS RECEIVABLE\n\nGeneral Overview\n\nAgreed-upon procedures were applied to the net intra-governmental accounts receivable as of\nSeptember 30, 2002, as compared with net intra- governmental accounts receivable as of September\n30, 2001, with regards to new receivables, collections, write-offs, and chargebacks.\n\nWe compared the fiscal year 2002 net intra-governmental accounts receivable to the fiscal year 2001\nnet intra-governmental accounts receivable and investigated changes of over 5 percent. We also\ncompared new receivables, collections and write-offs for fiscal year 2002 to fiscal year 2001;\ncalculated the accounts receivable outstanding for each fiscal year; calculated the chargeback and fair\nshare total for 2002; and confirmed the chargeback amounts billed for benefit payments directly with\nthe Federal agencies charged.\n\nProcedures and Results\n\nAgreed-Upon Procedures Performed                                   Results of Procedures\nCompared prior year ending net intra-governmental                  The change in the net intra-governmental accounts\naccounts receivable balances to the current year net intra-        receivable balances was in proportion to the increases in\ngovernmental accounts receivable balance by Federal                benefit payments billed to and paid by each Federal agency.\nagency. Determined whether the increase or decrease was\nin proportion to the change in amounts billed and paid.\nCompared the fiscal year 2002 account activity by Federal          The change in the write-offs and new accounts receivable\nagency for write-offs and new accounts receivable to prior         were in proportion with the amounts billed and collected.\nfiscal year activity. Determined whether the increase or\ndecrease was in proportion to the change in amounts billed\nand collected.\nConfirmed accounts receivable balances due as of                   Confirmations were reviewed for agreement to amounts\nSeptember 30, 2002, for all CFO Act agencies, except DOL           recorded.    Explanations for the differences on the\nand other selected Federal agencies.                               confirmations received were obtained from the agencies\n                                                                   and/or DOL. A confirmation was not received from\n                                                                   Interior. DOL\xe2\x80\x99s CFO office has an interagency workgroup\n                                                                   which works to resolve any differences with the agencies.\nCompared the chargeback billing report for the period, July        The amounts billed to the Federal agencies for the period\n1, 2001 through June 30, 2002, to the amounts billed to the        July 1, 2001 through June 30, 2002, agreed to the\nFederal agencies.                                                  chargeback billing report.\nRecalculated the allocation of credits due from the public.        No exceptions were noted.\nDetermined, for a non-statistical sample of 25 accounts            In 1 of 25 accounts receivable, the accounts receivable\nreceivable items, whether claimant accounts receivable             account was incorrectly reported in the DMS, resulting in a\nwere properly established and classified.                          net overstatement of $3,467. No other exceptions were\n                                                                   noted.\n\n\n\n\n                                                              21\n\x0c                                        SECTION IIC\n                             AGREED-UPON PROCEDURES & RESULTS\n\nAgreed-Upon Procedures Performed                             Results of Procedures\n\nDetermined, for a non-statistical sample of 100 items,       No exceptions were noted.\nwhether, for the 25 cases in the preliminary status, the\nLetter CA-2201 or Letter CA-2202, as applicable, was\nproperly issued to notify the claimants of the preliminary\ndecision regarding the claimant\xe2\x80\x99s accounts receivable\nand to give the claimant an opportunity to provide\nadditional evidence regarding the accounts receivable.\nDetermined whether, for the 75 cases in final status, a\nfinal decision was made as to the debt and whether the\nfinal decision was properly recorded and reported to the\nclaimant.\nDetermined, for a non-statistical sample of 75 accounts      In 4 of 75 accounts receivable, a portion of the interest or\nreceivable items in final status, whether the proper         principal on the debts were not properly written-off,\nprocedures were followed with regards to the                 adjusted or compromised. No other exceptions were noted.\nestablishment of a repayment plan, the assessment of\ninterest, the compromise or waiving of portions of\ninterest or principal as appropriate and the pursuit of\naccounts receivable which were in arrears.\n\n\n\n\n                                                             22\n\x0c                                        SECTION IIC\n                             AGREED-UPON PROCEDURES & RESULTS\n\nBENEFIT EXPENSE\n\nGeneral Overview\n\nAgreed-upon procedures were applied to compare compensation and medical benefit payments in\ntotal, by strata, by average payment and by agency for the fiscal year ended September 30, 2002, to\nthe fiscal year ended September 30, 2001, and for the sampling period of October 1, 2001 to April 30,\n2002, to the sampling period of October 1, 2000 to April 30, 2001. Changes in the actuarial liability\nfrom the prior year to the current year were calculated. Agreed- upon procedures were applied to\nDOL\'s cut-off process.\n\nProcedures and Results\n\n Agreed-Upon Procedures Performed                       Results of Procedures\n Compared the benefit payments recorded in the          The benefit payments recorded in the ACPS and BPS databases\n Automated Compensation Payment System (ACPS)           varied from the Department of Treasury\xe2\x80\x99s SF-224 at\n and Benefit Payment System (BPS) databases to the      April 30, 2002, by .004%. As of September 30, 2002, the\n Department of Labor\'s general ledger and the           ACPS and BPS databases varied from the Department of\n Department of Treasury\xe2\x80\x99s SF-224s as of                 Treasury\xe2\x80\x99s SF-224 at September 30, 2002, by .07%\n April 30, 2002 and September 30, 2002.                 ($1.547 million) and from the Department of Labor\xe2\x80\x99s general\n                                                        ledger by 0.12% ($272 thousand).\n Obtained the Department of Labor\'s year-end cut-off    The year-end adjustment made to the general ledger to prorate\n procedures. Obtained the year-end adjustments made     the expenditures which overlapped fiscal years agreed to the\n to the general ledger to prorate expenditures which    supporting documentation. The adjustments were recorded in\n overlapped fiscal years. Determined if these           the correct period.\n adjustments were recorded in the correct period.\n Determined the average ACPS and BPS payments by        The average ACPS benefit payments per case by strata varied\n strata for the April 30, 2002 and September 30, 2002   from (1.41)% to 13.30% with an average increase of 4.10% at\n database and compared them to the average ACPS         April 30, 2002. The average ACPS benefit payments per case\n and BPS payments by strata for the April 30, 2001      by strata varied from (5.64)% to 16.76% with an average\n and September 30, 2001 databases. Determined if        decrease of .70% at September 30, 2002.\n there were any variances larger than 7%. Requested\n explanations from DOL for variances over 7%, if        The strata of ACPS payments per case which increased over\n any.                                                   7% for the strata of payments under $3,000 increased by 13.3%\n                                                        and 16.7% as of April 30 and September 30, respectively. DOL\n                                                        stated that a review of the cases in this strata would be\n                                                        necessary to determine the cause of this increase.\n\n                                                        The average BPS benefit payments by strata varied from\n                                                        (6.88)% to 3.80% with an average decrease of 1.52% at\n                                                        April 30, 2002. The average BPS benefit payments by strata\n                                                        varied from (10.11)% to 1.51% with an average decrease of\n                                                        .25% at September 30, 2002.\n\n                                                        The average BPS benefit payments by strata at April 30, 2002\n                                                        decreased by more than 7% for the high dollar strata of\n                                                        payments over $75,000. DOL explained that due to the limited\n                                                        number of bills over $75,000, only a few bills would equate to\n                                                        this change.\n\n\n                                                          23\n\x0c                                        SECTION IIC\n                             AGREED-UPON PROCEDURES & RESULTS\n\n\nAgreed-Upon Procedures Performed                      Results of Procedures\n\nCompared the total benefit payments for each of the   The 2001 benefits increased by 5.92%. DOL stated that\nlast 5 fiscal years. Determined if there were any     medical benefits increased substantially in 2001 over prior\nvariances larger than 5% for each of the 5 fiscal     years resulting in higher overall benefit payments. No other\nyears.    Requested explanations from DOL for         variances over 5% were noted.\nvariances over 5%, if any.\nCompared the summary chargeback billing list to the    The agency chargeback billing list varied from the benefit\nbenefit payment database as of September 30, 2002.     payment      database    for    the    fiscal  year    ending\n                                                       September 30, 2002, by .06%.\nCompared, by agency and in total, compensation and Benefit         payments     for    the    fiscal   year   ending\nmedical bill payments for the fiscal year ending September 30, 2002, increased 4.24% overall.                 Benefit\nSeptember 30, 2002, with payments made for the payments increased or decreased by more than 7%, for the\nfiscal year ending September 30, 2001. Requested following agencies:\nexplanations from DOL for variances over 7%, if Commerce                     -27.5%     NASA            -8.1%\nany.                                                   AID                   -13.7%     SSA             7.6%\n                                                       Department of State -11.1%       Postal Service 9.0%\n                                                       Education             -10.7%     FEMA           11.0%\n                                                       NRC                   -10.2%\n                                                       DOL is reviewing the payments trends in these agencies.\nCompared the benefit payments made by each Benefit payments by district offices for the period through\ndistrict office as of April 30, 2002 and September 30, April 30, 2002 and September 30, 2002, varied from the prior\n2002, to the prior year data. Determined if there year by \xe2\x80\x9316.19% to 15.34% for the 12 district offices. Benefit\nwere any variances larger than 5%. Requested payments increased or decreased by more than 5% for the\nexplanations from DOL for variances over 5%, if following districts:\nany.                                                   Hearings and Review (16.19%)\n                                                       New York                   6.24%\n                                                       Denver                     6.82%\n                                                       San Francisco             6.96%\n                                                       Dallas                    7.02%\n                                                       Chicago                  15.34%\n                                                       DOL stated the decrease and increases were due to the\n                                                       movement of cases among the district offices and the change in\n                                                       the coding of ECAB cases.\nCalculated a 12-month projected benefit payment The actual 12-month total benefit payments varied from the\nbased on the April 30, 2002 interim database. projected 12-month total benefit payments for the fiscal year\nCompared the projected 12-month total benefit ending September 30, 2002, by -.90%.\npayments to the actual 12-month total benefit\npayments as of September 30, 2002.\nCompared the fee schedule used to pay medical DOL prepared a study of the amounts paid for 12 different\nproviders with the fee schedule used by other common procedure codes by 19 state agencies. The amounts\nagencies.                                              which would be paid under DOL\xe2\x80\x99s fee schedule did not exceed\n                                                       the maximum and was in excess of the minimum paid by the\n                                                       19 state agencies.\nCalculated the change in the actuarial liability The change in the actuarial liability was calculated correctly by\nreported on the current year and prior year\xe2\x80\x99s DOL.\ncompilation report prepared by DOL.\n\n\n\n\n                                                         24\n\x0c                                                                                  Carmichael\n                                                                               Brasher Tuvell\n Certified Public Accountants                                                    & Company\n                                                                                        678-443-9200\n                                                                              Facsimile 678-443-9700\n                                                                                    www.cbtcpa.com\n\n\n                                    SECTION IIIA\n                       INDEPENDENT SERVICE AUDITORS\' REPORT\n\n\nVictoria A. Lipnic, Assistant Secretary\nEmployment Standards Administration, U.S. Department of Labor:\n\nWe have examined the accompanying description of the policies and procedures of the Division of\nFederal Employees\' Compensation applicable to general computer controls and the processing of\ntransactions for users of the Federal Employees\' Compensation Act Special Benefit Fund. Our\nexamination included procedures to obtain reasonable assurance about whether (1) the accompanying\ndescription presents fairly, in all material respects, the aspects of DFEC policies and procedures that\nmay be relevant to a user organization\xe2\x80\x99s internal control as it relates to an audit of financial\nstatements; (2) the policies and procedures included in the description were suitably designed to\nachieve the control objectives specified in the description, if those policies and procedures were\ncomplied with satisfactorily, and users of the FECA Special Benefit Fund applied the internal control\npolicies and procedures contemplated in the design of DFEC\'s policies and procedures, as described in\nSection IIIB; and (3) such policies and procedures had been placed in operation as of April 30, 2002.\n\nDFEC uses SunGard eSourcing, Inc. (SunGard), to process information and to perform various\nfunctions related to the data processing services of the FECA Special Benefit Fund. The\naccompanying description includes only those policies and procedures and related control objectives\nat DFEC, and does not include policies and procedures and related control objectives at SunGard, a\nsubservicer. The control objectives were specified by the management of DFEC and did not extend to\nthe controls at SunGard. Our examination did not extend to the controls of SunGard, the subservicer.\nOur examination was performed in accordance with standards established by the American Institute of\nCertified Public Accountants, Government Auditing Standards, issued by the Comptroller General of\nthe United States, and included those procedures we considered necessary in the circumstances to\nobtain a reasonable basis for rendering our opinion.\n\nIn our opinion, the accompanying description of the policies and procedures of DFEC presents fairly,\nin all material respects, the relevant aspects of DFEC\'s policies and procedures that had been placed in\noperation as of April 30, 2002. Also, in our opinion, the policies and procedures, as described, are\nsuitably designed to provide reasonable assurance that the specified control objectives would be\nachieved if the described policies and procedures were complied with satisfactorily and users of the\nFECA Special Benefit Fund applied the internal control policies contemplated in the design of the\nDFEC\'s policies and procedures.\n\n\n\n\n                                                  25\n              1647 Mount Vernon Road, Dunwoody Exchange, Atlanta, Georgia 30338\n\x0cIn addition to the procedures we considered necessary to render our opinion, as expressed in the\nprevious paragraph, we applied tests to specified policies and procedures to obtain evidence about\ntheir effectiveness in meeting the related control objectives during the period from October 1, 2001\nthrough April 30, 2002. The specific policies and procedures and the nature, timing, extent, and\nresults of the tests are summarized in Section IIIC. This information has been provided to the users of\nthe FECA Special Benefit Fund and to their auditors to be taken in consideration, along with\ninformation about the internal controls at user organizations, when making assessments of control risk\nfor user organization. In our opinion, the policies and procedures that were tested, as described in\nSection IIIB were operating with sufficient effectiveness to provide reasonable, but not absolute,\nassurance that the specified control objectives were achieved during the period from October 1, 2001\nthrough April 30, 2002. However, the scope of our engagement did not include tests to determine\nwhether control objectives not listed in Section IIIC were achieved; accordingly, we express no\nopinion on the achievement of control objectives not included in Section IIIC.\n\nThe relative effectiveness and significance of specific policies and procedures at DFEC and their\neffect on assessment of control risk at user organizations are dependent on their interaction with the\npolicies and procedures, and other factors present at individual user organizations. We have\nperformed no procedures to evaluate the effectiveness of policies and procedures at individual user\norganizations.\n\nThe description of policies and procedures at DFEC is as of April 30, 2002, and information about\ntests of the described policies and procedures of specified policies and procedures covers the period\nOctober 1, 2001 through April 30, 2002. Any projection of such information to the future is subject to\nthe risk that, because of change, the description may no longer portray the system in existence. The\npotential effectiveness of specified policies and procedures at DFEC is subject to inherent limitations\nand, accordingly, errors, irregularities or fraud may occur and not be detected. Furthermore, the\nprojection of any conclusions, based on our findings, to future periods is subject to the risk that\nchanges may alter the validity of such conclusions.\n\nThis report is intended solely for the information and use of the U.S. Department of Labor, users of\nthe FECA Special Benefit Fund (Federal agencies listed in Section IIB of this report), and the\nindependent auditors of its users.\n\n\n\n\nOctober 31, 2002\n\n\n\n\n                                                  26\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nOVERVIEW OF SERVICES PROVIDED\n\nOverview\n\nThe Federal Employees\' Compensation Act Special Benefit Fund was established by FECA to provide\nincome and medical cost protection worldwide for job-related injuries, diseases, or deaths of civilian\nemployees of the Federal Government and certain other designated groups. The DOL-ESA is charged\nwith the responsibility of operation and accounting control of the Special Benefit Fund under the\nprovisions of FECA. Within ESA, the Office of Workers\' Compensation Program, DFEC administers\nthe FECA program.\n\nIn 1908, Congress passed legislation providing workers\' compensation to Federal workers whose jobs\nwere considered hazardous. Due to the limited scope of this legislation, FECA was passed in 1916,\nextending workers\' compensation benefits to most civilian Federal workers. FECA provided benefits\nfor personal injuries or death occurring in the performance of duty.\n\nFECA provides wage replacement (compensation) benefits and payment for medical services to\ncovered Federal civilian employees injured on the job, employees who have incurred a work-related\noccupational disease, and the beneficiaries of employees whose death is attributable to a job-related\ninjury or occupational disease. Not all benefits are paid by the program since the first 45 days from\nthe date of the traumatic injury are usually covered by putting injured workers in a continuation of pay\n(COP) status. FECA also provides rehabilitation for injured employees to facilitate their return to\nwork.\n\nActuarial Liability\n\nWithin ESA, the Division of Financial Management has been designated as the responsible agency to\ngenerate the annual FECA actuarial calculations. The Division of Planning, Policy and Standards\n(DPPS) has the direct responsibility for preparing the actuarial liability and the initial review of the\ndetailed calculations. The DPPS also has the responsibility of investigating and revising the initial\nmodel\'s calculations as deemed appropriate. The FECA actuarial liability is prepared on an annual\nbasis as of September 30, of each fiscal year.\n\nThe actuarial model was originally developed during 1991 as spreadsheets by a DOL Office of\nInspector General (OIG) contractor (a certified actuary). The model utilized the basic theory that\nfuture benefit payment patterns will reflect historic payment patterns. Under this approach, a\nprojection can be made into future years based on historical payments. This selected approach is\ncommonly referred to as the "paid loss extrapolation method." This method was chosen for its\nsimplicity, availability of payment data, cost savings and reliability.\n\n\n\n\n                                                  27\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nSince 1991, the number of agencies for whom the liability is calculated increased. These additional\nagencies are smaller in size than that of the agencies for whom the original model was developed.\nHistoric extrapolation models are generally held to work best with larger populations. As a result, the\ncalculations from year to year were more volatile than those for the original agencies, and preparing\nthe estimates became increasingly cumbersome. Therefore, during FY 2000, DOL engaged actuaries\nto create a new model.\n\nThe new model shares its fundamental theory with the old model; future benefit payments are\npredicted based upon the pattern of historical payments. As before, in order to run the model, the\nDPPS imports the current year\'s actual FECA payments by each chargeback agency (FECA\nChargeback System tapes). This payment data per agency is subdivided into incurred injury year cells\nto provide the extra dimension of the historic payment pattern. The chargeback tapes (historic basis)\nare maintained by the FECA Program, which supplies the historic data to DPPS annually. Both\nmodels included historical payments in constant dollars. Inflation and discount factors as derived\nfrom OMB economic forecasting packages in its calculations of future payments. Therefore, both\nmodels share a sensitivity to economic assumptions.\n\nHowever, the new model varies from the previous model. For instance, claims incurred but not\nreported (IBNR) was excluded from the previous model in accordance with Appendix B - Liability\nRecognition and Measurement Matrix of SFFAS 5. The new model recognizes IBNR, which\nenhances its comparability to private sector insurance models. FASAB has concurred wit h its\ninclusion. Also, the previous model predicted future payments by multiplying the most recent year\'s\npayments by decay rates derived from historical payments. In contrast, the new model develops an\nestimate of total anticipated payments by injury year, subtracts cumulative payments to date, and\nallocates the remaining payments to future years premised upon loss development factors.\n\nIn order to establish cumulative payments to date, the new model utilizes a backfilling technique, a\ncasualty model methodology. Because FECA makes payments on injuries incurred as far back as\n1952, and the old model\'s data base of payments begins in 1989, backfilling was necessary to\ncomplete the matrices of cost by injury to payment year. The technique consists of extrapolating\npatterns from actual payments for the years included in the data base, and developing reverse decay\nrates to predict what the costs should have been in the years prior to the base of known payments.\n\nIn developing the backfilling factors, the model makes use of groupings of agencies. The groupings\nwere established based upon a claim duration study performed by a DOL economist. Most agencies\nwere placed in groups with a similar probability of a claim extending over a certain period of time.\nThe agencies added since 1991, were included in the group whose probabilities approximated the\naverage of all the agencies. The group is both affected by and affects the agencies within it. For\ninstance, smaller agencies are more affected than larger agencie s. Besides the development of the\nbackfilling factors, the grouping affects the predicted loss development factors. The loss development\nfactors are a weighted combination of agency, group, and all-agency factors. The new model includes\nextending the duration of the model until the estimated payments left to be paid expire.\n\n                                                  28\n\x0c                                     SECTION IIIB\n                  DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                              POLICIES AND PROCEDURES\n\nChargeback System\n\nDFEC is required to furnish to each agency and instrumentality, before August 15th of each year, a\nstatement or bill showing the total cost of benefits and other payments made during the period July 1\nthrough June 30. DFEC established the chargeback system to furnish these statements.\n\nThe chargeback system creates bills which are sent to each employing agency for benefits that have\nbeen paid on the agency\'s behalf. The bills are for a fiscal year inclusive of benefits paid from July 1\nthrough June 30. Each agency is required to include in its annual budget estimates for the fiscal year\nbeginning in the next calendar year, a request for an appropriation for the amount of these benefits.\nThese agencies are then required to deposit in the Treasury, the amount appropriated for these benefits\nto the credit of the Fund within 30 days after the appropriation is available.\n\nIf an agency is not dependent on an annual appropriation, then the funds are required to be remitted\nduring the first 15 days of October following the issuance of the bill.\n\nThe bills sent to agencies for the chargeback system contain identifying codes that indicate both the\nyear being billed and the year in which the bill is to be paid. Each bill sent out in fiscal year 2001 and\ndue in fiscal year 2002 would be coded as follows: 01-XXX-02. The 01 indicates the year the bill is\ngenerated, the XXX indicates the numerical sequence of the bill, and the 02 would indicate the year\nthat the bill would be due and paid.\n\nOperational Offices\n\nDFEC administers FECA through 12 district offices and a national headquarters located in\nWashington, D.C. The District offices and the areas covered by each Distric t office are:\n\n                       Location of\n       District        District Office        States or Regions Covered by District Office\n          1            Boston                 Connecticut, Maine, Massachusetts, New Hampshire,\n                                              Rhode Island, Vermont\n          2            New York               New Jersey, New York, Puerto Rico, Virgin Islands\n          3            Philadelphia           Delaware, Pennsylvania, West Virginia\n          6            Jacksonville           Alabama, Florida, Georgia, Kentucky, Mississippi,\n                                              North Carolina, South Carolina, Tennessee\n           9           Cleveland              Indiana, Michigan, Ohio\n          10           Chicago                Illinois, Minnesota, Wisconsin\n          11           Kansas City            Iowa, Kansas, Missouri, Nebraska, all DOL employees\n          12           Denver                 Colorado, Montana, North Dakota, South Dakota, Utah,\n                                              Wyoming\n\n\n\n\n                                                   29\n\x0c                                     SECTION IIIB\n                  DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                              POLICIES AND PROCEDURES\n\n\n                      Location of\n       District       District Office        States or Regions Covered by District Office\n         13           San Francisco          Arizona, California, Guam, Hawaii, Nevada\n         14           Seattle                Alaska, Idaho, Oregon, Washington\n         16           Dallas                 Arkansas, Louisiana, New Mexico, Oklahoma, Texas\n         25           Washington, D.C.       District of Columbia, Maryland, Virginia,\n                                             and overseas/special claims\n          50          National Office        Branch of Hearings and Review\n\nSubservicer\n\nDFEC utilizes a subservicer, SunGard, to provide computer hardware and a communications network\nbetween the national office, the District offices and the U.S. Treasury, to maintain a tape library and\ndisk drive backup and for other computer mainframe functions. SunGard\xe2\x80\x99s policies and procedures\nand related control objectives were omitted from the description of Control Objectives, Tests of\nPolicies and Procedures and Operating Effectiveness contained in this report. Control Objectives,\nTests of Policies and Procedures and Operating Effectiveness included in this report include only the\nobjectives that DFEC\xe2\x80\x99s policies and procedures are intended to achieve.\n\n\n\n\n                                                   30\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nOVERVIEW OF CONTROL ENVIRONMENT\n\nAn organization\xe2\x80\x99s control environment reflects the overall attitude, awareness and actions of\nmanagement and others concerning the importance of controls and the emphasis given to control in\nthe organization\xe2\x80\x99s policies and procedures, methods, and organizational structure. The following is a\ndescription of the key policies and procedures that are generally considered to be part of the control\nenvironment.\n\nOrganization and Management\n\nOWCP is one of four agencies within ESA. DFEC is one of five divisions within OWCP.\n\n                             ESA, Office of Workers\xe2\x80\x99 Compensation Programs\n\n\n                                                                 Office of Workers\xe2\x80\x99\n                                                                   Compensation\n                                                                     Programs\n\n                                                  Regional\n                                                 Directors for\n                                                   OWCP\n\n\n\n               Division of         Division of            Division of          Division of Coal    Division of\n               Planning,            Federal              Longshore and         Mine Workers\xe2\x80\x99        Energy\n               Policy and          Employees\xe2\x80\x99           Harbor Workers\xe2\x80\x99         Compensation       Employees\xe2\x80\x99\n               Standards          Compensation           Compensation                             Compensation\n\n\n\n\n   Branch of                           Branch of\n    Policy,        Branch of           Resource\n   Planning         Medical          Allocation and\n     and         Standards and       Management\n    Review       Rehabilitation         Support\n\n\n\n                                        OWCP\n                                       Mail Room\n\n\n\n\n                                                          31\n\x0c                                  SECTION IIIB\n               DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                           POLICIES AND PROCEDURES\n\nDFEC has four branches:\n\n1.       Branch of Regulations and Procedures - This branch assists in developing claims and\n         benefit payment policies, regulations and procedures; prepares and maintains the program\'s\n         manuals; plans and conducts studies of claims and benefit payment functions; and\n         participates in training activities and accountability reviews of District offices.\n\n2.       Branch of Automatic Data Processing (ADP) Coordination and Control - This branch\n         provides ADP support services for the FECA program. It coordinates the overall ADP work\n         of DFEC and provides policy direction for ADP systems activities.\n\n3.       Branch of Technical Assistance - This branch develops materials for use by District offices\n         and other Federal agencies to educate Federal employees in reporting injuries and claiming\n         compensation under the FECA. They also hold workshops for compensation personnel in\n         various Federal agencies and for groups of employee representatives.\n\n4.       Branch of Hearings and Review - This branch is responsible for conducting hearings and\n         reviews of the written record in FECA cases. Hearing Representatives issue decisions\n         which sustain, reverse, modify, or remand cases to the OWCP District offices.\n\n                      Division of Federal Employees\xe2\x80\x99 Compensation (DFEC)\n\n\n\n\n                                           Office of the Director\n\n                                               Deputy Director\n\n\n\n\n                 Branch of        Branch of ADP               Branch of     Branch of\n               Regulations and     Coordination               Technical    Hearings and\n                 Procedures        and Control                Assistance     Review\n\n\n\n\n                                                  32\n\x0c                                      SECTION IIIB\n                   DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                               POLICIES AND PROCEDURES\n\nBranch Operations\n\nA Branch chief reports directly to the Deputy Director. The Director and Deputy Director coordinate\nthe operations of the 12 District offices.\n\nDistrict Offices\n\nA District Director (DD) oversees the daily operations at each of the 12 District offices. The DD in\neach office oversees the claims section and a Fiscal Officer who oversees the Fiscal Section.\n\nThe District offices serve the persons residing within their district. When an individual moves from\none district to another, the individual\'s case file and responsibility for monitoring the case is\ntransferred to the district office where the individual has moved, unless the case is for a claimant\nspecified as a special employee. Cases specified as special employee cases are always processed at\nDistrict office 50.\n\nThe specific functions within the District offices are:\n\n1.     Claims Functions. In each district office are two or more Supervisory Claims Examiners, who\n       are responsible for the operation of individual claims units, and a number of Senior Claims\n       Examiners and Claims Examiners (CE), who have primary responsibility for handling claims,\n       including authorization of compens ation and eligibility for medical benefits. Individuals at\n       each level of authority from DD to CE have been delegated specific responsibilities for issuing\n       decisions on claims.\n\n2.     Fiscal Functions. Each District office usually has a Fiscal Operations Specialist and at least\n       one Benefit Payment Clerk. Some District offices have a Bill Pay Supervisor as well. The\n       unit is generally responsible for resolution of problems with medical bills, complex\n       calculations of benefits and overpayments, adjustments to compensation and bill pay histories,\n       changes in health benefits and life insurance coverage, and financial management records. In\n       some District offices, fiscal personnel enter compensation payments into the electronic system.\n\n3.     Medical Functions. Each District office usually has at least one District Medical Adviser\n       (DMA) who works under contract to review individual cases, and some District offices have a\n       District Medical Director (DMD) as well. Each District office also has a Medical Management\n       Assistant, who arranges referrals to second opinion and referee specialists. Each District office\n       also has a Staff Nurse, who is responsible for coordinating a number of field nurses who\n       monitor claimant\'s medical progress and assist their efforts to return to work.\n\n\n\n\n                                                    33\n\x0c                              SECTION IIIB\n           DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                       POLICIES AND PROCEDURES\n\n4.   Mail and File Functions. Personnel in this area open, sort, and place mail; set up case files,\n     retire case records according to established schedules; and transfer case files in and out of\n     the District office. OWCP also uses a centralized mailroom located in London, Kentucky\n     for routine mail. Mail such as CA-1, CA-2, CA-7, CA-16, congressional inquiries and\n     certain types of medical provider bills are processed by the district offices and not in the\n     centralized mailroom.\n\n5.   Vocational Rehabilitation Functions. Each District office has at least one Rehabilitation\n     Specialist (RS) and usually a Rehabilitation Clerk. The RS manages a number of\n     Rehabilitation Counselors, who work under contract with OWCP to help return claimants to\n     suitable work, prefe rably with little or no loss of earnings. The emphasis of the\n     rehabilitation program is on early referral and evaluation of all injured workers who need\n     services; case management standards to ensure that plans are efficient and of good quality;\n     flexibility to provide the widest range of services from private and public rehabilitation\n     agencies; preference for reemployment with the previous employer; and placement of\n     workers in jobs where disability does not prevent then from competing with non-disabled\n     employees.\n\n\n                                 DFEC District Office Structure\n\n\n\n                                               Office of the\n                                                 District\n                                                 Director\n\n\n\n                     Assistant                                    Branch of\n                      District                                    Operations\n                     Director                                      Support\n\n\n\n                       Claims                       Mail and        Fiscal        Medical\n                       Section                       File          Section        Section\n                                                    Section\n                                                                   Bill Pay\n                                                                   Section\n\n\n\n\n                                               34\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nOVERVIEW OF TRANSACTION PROCESSING\n\nIdentification and Registration of the Recipient of FECA Benefits\n\nAuthorized recipients of FECA benefits are those individuals who meet all of five eligibility criteria.\nInjured workers submit claim information to the district office which serves the geographical location\nin which the claimant resides. Claims are processed by the district office using the Case Management\nFile System (CMF).\n\nThe CMF uses a standard identification number of nine characters to identify each case file. This\nnumber is called the case number. All recipients of FECA benefits must have a unique case number\nrecorded in the CMF, some individuals could have multiple case numbers if the individual has\nsustained more than one injury.\n\nThe CMF maintains an automated file with identification on all individuals who have filed claims with\nFECA. These records contain data elements that identify the claimant, the mailing and/or location\naddress for the claimant, and additional injury information and case status information.\n\nBenefit Payments\n\nFECA claimants may be entitled to compensation for injury and lost wages, schedule awards, death\nbenefits and payment of medical expenses related to the work-related injury. The payments for lost\nwages, schedule awards and death benefits are processed through the Automated Compensation\nPayment System (ACPS), while the payments for injury-related medical expenses are processed\nthrough the Bill Payment System (BPS). Each of these systems support the Department of Labor\'s\ngeneral ledger system via an automated interface.\n\nThe primary function of ACPS is to process the payment of weekly, monthly, and supplemental\nbenefits to claimants. The ACPS interfaces with the CMF to ensure that approved claims are\nsupported by a valid case number. District office personnel input compensation payment data\nworksheets into the ACPS. The inputs onto the payment data worksheets are reviewed and if the\ninformation is correct, no further action is required and payments will be made during the next\nappropriate payment cycle.\n\nApproved payments are stored in a temporary file for the duration of the appropriate compensation\npayment cycle: Daily Roll (5 days), Death Benefits (28 days), or Disability (28 days). At the end of\nthe cycle, the mainframe runs automated programs to format the data to Treasury specifications, to\nupdate the compensation payment history files for use in the chargeback system, and to send\nsummarized information to the District office Fund Control System. The specially formatted Treasury\ninformation is sent to Treasury via a secure modem over a dedicated line for payment processing.\n\n\n\n\n                                                  35\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\n\nThe primary function of the BPS is to process payments to medical service providers or\nreimbursements to claimants for medical expenses incurred for the work-related injury. The national\noffice has the responsibility of compiling the BPS data on a nightly basis as it is transmitted from each\nDistrict office. Medical bills containing charges for other than appliances, supplies, services or\ntreatment provided and billed for by nursing homes are subject to a medical fee schedule. The\nmainframe will run a zip code check and a comparison check of the amount to be paid to fee schedules\nin each geographical area. If the amount is in excess of the geographical fee schedule, the system will\nlimit the payment to the maximum amount in the fee range. A bill in which certain fields are the same\nis identified by the system as a potential duplicate payment, excluded from payment and sent to a bill\nresolver at the District office to determine if a duplicate payment exists.\n\nApproved payments are stored in a temporary file for the duration of the bill payment cycle of 5 days.\nAt the end of the cycle, the mainframe runs programs that format the data to Treasury specifications,\nupdates the bill payment history files for use in the chargeback system, and sends summarized\ninformation to the District office Fund Control System. The specially formatted Treasury information\nis sent to Treasury via secure modem over a dedicated line for payment processing.\n\n\n\n\n                                                   36\n\x0c                                           SECTION IIIB\n                DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                                  POLICIES AND PROCEDURES\nThe following charts set forth an overview of transaction processing at DFEC:\n\nProcessing of Compensation Payments\n                                                                                                                 T-Cup\n             CA-7, Claim for                          CA-7 is                     Data Entry                 accesses CMF\n             Compensation is                          imaged                        Operator                 to check for a\n              received in the                           into\n                                                                                   keys dates                  valid case\n                Mailroom                              OASIS                       into T-Cup                    number\n\n\n\n                            Claims                                                                            Electgronic\n                           Examiner                                                                           case file is\n                          approves or                                                                         accessed by\n                          denies claim                                                                          the CE\n\n\n\n\n                        Claims Examiners\n                         key approved or\n                        denied status into\n                              ACPS\n                                                     Claim\n          Claim\n                                                    Accepted\n          Denied\n\n\n              Claimant is                                                                                                        ACPS stores\n                                           ACPS access\n            notified of case                                           Payment is               Payment is certified               approved\n                                               CMF to\n                                                                        set up by                  by a SrCE or                  payments for\n             determination                 ensure case\n                                                                           CE                       equivalent                     overnight\n                                            file number\n                                                                                                                                 transmission\n                                               is valid                                                                           to National\n                                                                                                                                  mainframe\n\n\n\n\n                                                               District office                  Mainframe\n                          CE approves or                     personnel receives                 transmits                     Mainframe receives\n                            does not                             CP-40 and                       payment                       payment data and\n                             approve                            distributes to                    data to                     calculates payment\n                            payment                                                               district                         schedule\n                                                             Claims Examiners\n                                                                                                  office\n\n\n Denied                                                   Approved\n\n\n\n          Claims Examiner                  Approved\n                                         payments are                         Payments not\n            re-inputs case                                                                                                Payment\n                                          submitted to                         changed are\n          and resubmits for                                                                                            information is\n                                         Senior Claims                          considered                             transmitted to\n              processing                 Examiner for                           acceptable\n                                                                                                                          treasury\n                                          verification\n\n\n\n\n                                                                         37\n\x0c                                     SECTION IIIB\n               DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                              POLICIES AND PROCEDURES\nProcessing of Medical Payments\n\n                              Bill is\n   Bill is received in         date               Bill is received\n    district office          stamped               by data entry          Data entry\n       mailroom             by district              personnel          personnel key\n                              office                                    payment into\n                            personnel                                       BPS\n\n\n\n\n                                                          BPS           BPS accesses\n                                                       performs         CMF to verify\n                                                      edit checks        case number\n\n\n\n\n                                                   BPS processes\n                                                   disposition of\n                                                    edit checks\n\n\n\n\n                          SUSPENDED                 APPROVED                   DENIED\n\n\n\n\n                         Suspended Items        Approved payments             Notice sent to\n                             Report              are transmitted to         provider of denial\n                                                National Mainframe          and appeal rights\n                                                     overnight\n\n\n    Approved               Suspended\n                             bills are            Payment data is\n                            reviewed            received in National\n                             by Bill                   Office\n                            Resolver\n\n                                                Payment is generated\n                                                 and sent to provider\n\n\n\n                           Bill resolver\n                           approves or                                        Denied\n                         denies payment\n\n\n\n\n                                           38\n\x0c                                   SECTION IIIB\n                DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                            POLICIES AND PROCEDURES\n\nComputer-Generated Reports\n\nBPS generates a summary report on a weekly basis. The report is a history of bill payments for the\nweek. This report can be utilized for investigative purposes as well as for confirming whether a\nparticular bill has been paid.\n\nThe ACPS generates a summary report on a daily basis which is a history of compensation payments.\nThis report can be utilized for investigative purposes as well as for confirming whether a particular\nclaim has been paid. The mainframe transmits updated ACPS History Files to the District offices\nwhere they are available for query purposes for 6 months. The mainframe retains the history files for\nquery purposes for 2 years before they are archived.\n\nChargeback System\n\nThe ACPS and BPS system history files are combined on a quarterly and annual basis to create the\nFECA Chargeback Report. The FECA Chargeback System (CBS) generates financial data that is\nprovided to DOL\xe2\x80\x99s core financial management system, DOLAR$. CBS provides methods for tracking\naccounts receivable - intra-governmental activity while maintaining all financial data centrally in\nDOLAR$. The June 30 year end FECA Chargeback Report is used to annually bill Federal agencies\nfor payments made on their behalf for the period July 1 to June 30. The Office of Management and\nPlanning (OMAP) provides quarterly benefit summaries to Federal agencies based on the FECA CBS.\n\nThe On- line Payment and Collection System (OPAC) is utilized to facilitate the electronic billing\nbetween Federal agencies through Treasury. OPAC\'s main responsibility is to process the SF-1081s.\nSF-1081 (Voucher and Schedule of Withdrawals and Credits) is a form which authorizes the transfer\nof expenses or income from one Federal agency\'s appropriation to another for services rendered. The\nreceivables are tracked in an internally maintained subsidiary ledger maintained by OMAP.\n\nThird Party Settlements\n\nAn injury or death for which compensation is payable to a FECA claimant that is caused under\ncircumstances creating a legal liability on a person or persons other than the United States (a third\nparty) to pay damages will result in the case being classified as a third party case. Status codes are\nused to track the progress of third party cases in the Case Management File System. OWCP usually\nrequires the claimant to pursue legal action; however, the United States can pursue action on its own\nby requiring the beneficiary to assign rights of action to the United States.\n\nA letter (CA-1045) is sent to a claimant by the claims examiner when initial injury reports indicate a\npotential third party. The CA-1045 requests information about the injury, the third party and the\nactions taken by the claimant in regards to pursuing a claim against the third party, including the\nhiring of an attorney.\n\n\n                                                 39\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nWhen the CE receives a reply to the CA-1045 (or does not receive a reply 30 days after the second\nrequest is sent to the claimant) or obtains the name and address of the attorney representing the\nclaimant, the case is processed by the claims examiner in the smaller district offices or referred to a\ndesignated claims examiner (DCE) in the larger district offices.\n\nA case may be closed as "minor" and not pursued if the claimant has an injury where the total medical\nbills, compensation and time lost from work do not exceed or are expected not to exceed $1,000.\nAdditionally, a case may only be closed as "minor" if the claimant has not responded to the CA-1045,\nor has responded but is not personally asserting a third party claim and has not retained an attorney.\n\nThe DCE refers the case to the appropriate DOL, Solicitor (SOL) in the following instances:\n\xe2\x80\xa2       the case is not minor and advice is received that the claimant is negotiating a settlement.\n\xe2\x80\xa2       advice is received that the claimant has retained an attorney to handle the third party action,\n        regardless of the amount of disbursements.\n\xe2\x80\xa2       the case is not minor and the claimant refuses to pursue the third party claim or does not\n        reply to the CA-1045.\n\xe2\x80\xa2       the third party case involves a death claim, a permanent disability, Job Corps, Peace Corps,\n        VISTA, an injury occurring outside the United States or Canada, a common carrier as the\n        potential defendant, malpractice, product liability or an injury to more than one employee.\n\nOnce referred to SOL, the DCE performs certain actions to ensure that the case is properly tracked\nwhile at SOL. For instance, after the initial referral, an updated disbursement statement is furnished to\nthe SOL within 5 working days of receipt of the request. It is essential that initiation of, termination\nof, or changes in periodic roll payments be reported to the SOL immediately. Additionally, the DCE\nrequests a status report from the SOL at 6- month intervals.\n\nWhen a settlement is reached in a third party case, the DCE prepares a Form CA-164 which is a\nsummary of all disbursements made to the claimant for compensation payments and to medical\nproviders on the claimants behalf, and forwards it to the fiscal section. If an amount owed from the\nclaimant is received by OWCP, the amount is credited against the ACPS and BPS, as appropriate. By\nrecording the amount in the ACPS and BPS, the proper employing agency is credited with the\namounts recovered from third party settlements.\n\nIf the full amount of the third party refund is not received from the claimant, an accounts receivable\nbalance is set up for the amount still due. If the amount recovered exceeds the amount already paid by\nOWCP to the claimant for compensation and medical benefits, then the excess amount is recorded and\ntracked in the case file to prohibit any additional benefits from being paid to the claimant until the\namount of eligible benefits to the claimant exceeds the excess amount.\n\n\n\n\n                                                   40\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nOVERVIEW OF COMPUTER INFORMATION SYSTEMS\n\nThe computerized accounting system used by the Federal Employee\'s Compensation Special Benefit\nFund maintains all of the data for each of the claimants applying for FECA benefits. The Federal\nEmployees\' Compensation Systems (FECS) is the electronic data processing system for FECA\nbenefits. This computer system is comprised of the following five subsystems:\n\n          \xe2\x80\xa2   Automated Compensation Payment System\n          \xe2\x80\xa2   Medical Bill Processing System\n          \xe2\x80\xa2   Case Management File\n          \xe2\x80\xa2   Debt Management System\n          \xe2\x80\xa2   Chargeback System\n\nThe FECS provides authorized users with on- line access to the various subsystems for file\nmaintenance and information purposes. Access to the FECS through computer terminals located in\nboth the national and 12 District offices permits authorized users to perform a variety of functions,\nsuch as query, add, and update claims data, track claims and overpayments, calculate retroactive\nbenefit payments and enroll approved claimants for benefits on the FECS.\n\nIn addition to storing information relevant to claims adjudication, benefit entitlement and payment\nstatus, the FECS generates reports primarily used by management in administering the FECA\nProgram. The system also processes payments for covered medical expenses and monthly and\nsupplemental benefit payments to or on behalf of program beneficiaries.\n\nAccess to the FECS is limited to only certain employees, and their degree of access is based upon the\nuser\'s function within the program. The FECA EDP security officer within the Branch of ADP\nCoordination and Control is responsible for assigning passwords and other procedures required to\npermit access to the FECS at the national office; District Systems Managers are responsible for\nassigning passwords and other procedures required to permit access to the FECS at the District office\nlevel. Controls to restrict access to FECS to authorized personnel include the following (national and\ndistrict office level):\n\n          \xe2\x80\xa2 A security briefing is given for each person having access to the system.\n          \xe2\x80\xa2 Access and an access profile for authorized users are established through a security\n            software package (Access Control Facility).\n          \xe2\x80\xa2 Computer Information Control System establishes terminal access to the host computer.\n          \xe2\x80\xa2 Log on attempts are restricted to three attempts.\n          \xe2\x80\xa2 An audit trail report of unauthorized attempts to access the system is available.\n          \xe2\x80\xa2 Terminals are secured in locked rooms at the end of the work day.\n          \xe2\x80\xa2 Written procedures exist for both physical hardware and software security.\n\n\n\n                                                 41\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nOrganization and Administration\n\nA System Administrator is responsible for overseeing all the data processing activity of FECS. DFEC\nemploys approximately seven individuals within the Branch of ADP Coordination and Control and\nhas contracts with outside computer consulting firms, Affiliated Computer Services, Inc. (ACS), and\nViatech through which approximately 30 individuals work with DFEC. ACS and Viatech provide\nsoftware development and maintenance for DFEC.\n\nAt each District office, a System Manager is responsible for overseeing all the data processing activity\nperformed at the district level (including user access). The System Managers are under the\nsupervision of the Division of Information Technology Management and Services (DITMS). DITMS\nincludes both Federal Government employees and outside contractors. The System Managers have\naccess to system data for report generation and submission purposes. The System Managers can only\nextract information from the database and cannot change any of the source codes (i.e., programs).\n\nThe function of DITMS is to maintain computer networks, operating systems, and computer hardware\nsystems for the DOL environment. DITMS installs all of the data processing applications and\nmodifications developed by DF EC. In addition, DITMS is responsible for the management controls\nsurrounding the host mainframe application of FECS, such as assignment and maintenance of system\nsupport personnel to the mainframe and access violations monitoring.\n\nOperations\n\nThe Office of the Assistant Secretary for Administration and Management contracted with SunGard\nESourcing, Inc. (SunGard), for computer mainframe time-sharing services. SunGard provides\ncomputer hardware and a communications network between the national office, the district offices and\nthe U. S. Treasury. In addition, SunGard maintains a tape library and disk drive backup. The\nSunGard database includes all medical and disability compensation payment information since 1978.\n\nThere are four levels of hardware, software, communications, supplies and facility resources for\nDFEC: SunGard mainframe, national office Sequent minicomputers, district office Sequent\nminicomputers and the user and programmer development terminal personal computers with\nauthorized access into the mainframe or minicomputer system.\n\nThere are formal operator and user manuals for some components of the system. There are extensive\ninput edit checks in the software. Errors are automatically rejected by the system and queued for\nreview by the appropriate individuals. Reports that track the errors, including aging information, are\nroutinely produced.\n\n\n\n\n                                                  42\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nDocumentation\n\nHardware : DITMS maintains an extensive list of the hardware used in the FECS processing at all\nsites.\n\nSoftware : DITMS maintains an extensive list of the third party software used in the FECS processing\nwhich includes operating system software, compilers and utilities. DFEC is responsible for the\nmaintenance of FECS application software. All the hardware and software modifications are\ncontrolled by DOL. OWCP requests the modifications, DFEC designs and tests the modification, and\nDITMS installs the modifications.\n\nAcceptance testing is performed by DOL using an environment that closely copies the development\nenvironment. The procedures used for the acceptance testing varies according to subsystem. No\nformal documentation of the acceptance testing is maintained. However, DFEC maintains a history of\nall prior source code versions which provides evidence of all modifications of the source code.\n\nThe System Administrator has an assistant responsible for computer design development,\nprogramming and analysis. Another assistant of the System Administrator is responsible for\nevaluating the testing of all new and modified source codes (programming) and the distribution to the\ndistrict offices. Additionally, this assistant supervises all staff programmers.\n\nAnti-Virus Control\n\nThe FECS currently runs a variety of anti- virus or virus checking routines. Each file server runs an\nanti-virus module resident on the server. The local area networks (LANs) are "dustless" LANs. When\ndisks are scanned (e.g., for the installation of new software), anti- virus software is used to scan disks\nto identify and remove viruses. Personal computers attached to LANs in OWCP District offices\nutilize hard drives in addition to the central file server. All of the personal computers utilize an anti-\nvirus software and can be run in a scheduled or unscheduled ad hoc mode.\n\nSubservicer\n\nDFEC utilizes a subservicer, SunGard eSourcing, Inc. (Sungard), to provide computer hardware and a\ncommunications network between the national office, the District offices and the U.S. Treasury, to\nmaintain a tape library and disk drive backup and for other computer mainframe functions.\n\n\n\n\n                                                   43\n\x0c                                    SECTION IIIB\n                 DIVISION OF FEDERAL EMPLOYEES\' COMPENSATION\xe2\x80\x99S\n                             POLICIES AND PROCEDURES\n\nCONTROL OBJECTIVES AND RELATED POLICIES AND PROCEDURES\n\nDFEC\'s control objectives and related policies and procedures are included in Section IIIC of this\nreport, "Information Provided by the Service Auditor," to eliminate the redundancy that would result\nfrom listing them here. Although the control objectives and related policies and procedures are\nincluded in Section IIIC, they are, nevertheless, an integral part of DFEC\'s description of policies and\nprocedures.\n\nUSER CONTROL CONSIDERATIONS\n\nDFEC\'s processing of transactions and the control policies and procedures over the processing of\ntransactions were designed with the assumption that certain internal control policies and procedures\nshould be in operation at user organizations to complement the control policies and procedures at\nDFEC. User auditors should determine whether user organizations have established internal control\npolicies and procedures to ensure that:\n\xe2\x80\xa2     Employing agencies understand their responsibilities under FECA.\n\xe2\x80\xa2     Employing agencies provide injured employees with accurate and appropriate information\n      regarding injuries covered under FECA, including the employees\' rights and obligations and\n      claim forms.\n\xe2\x80\xa2     Employing agencies timely and accurately report all work-related injuries and deaths to DFEC\n      via the injury and death reporting forms such as the CA-1, CA-2, and CA-5, once completed by\n      injured employee or claimant in the case of death. Supervisors should encourage persons\n      witnessing injuries to record and report what was witnessed to DFEC.\n\xe2\x80\xa2     Employing agencies provide complete and accurate information regarding a claimant\xe2\x80\x99s rate of\n      pay, hours worked, leave taken, and continuation of pay to DFEC.\n\xe2\x80\xa2     Employing agencies promptly controvert questionable claims.\n\xe2\x80\xa2     Employing agencies monitor the medical status of injured employees to be aware of what work\n      the injured employee is capable of to enable the employing agency to provide additional\n      information on the requirements of a position, or modified position, when applicable.\n\xe2\x80\xa2     Employing agencies assist DFEC in returning employees to work by establishing or identifying\n      positions, either modified or light-duty, to return the injured employee to work as early as\n      possible. The Employing agency also needs to inform DFEC directly of the positions available.\n\xe2\x80\xa2     Employing agencies review the chargeback coding notification (postcard) sent by DFEC when\n      an injury report is received to ensure the individual will be charged to the proper agency and\n      department.\n\xe2\x80\xa2     Employing agencies review quarterly chargeback billings to ensure that each injured employee\n      charged to their department and agency are employees or former employees of the agency, and\n      that the amounts charged for compensation costs appear reasonable in light of the injured\n      employee\'s compensation and the date of injury.\n\n\n\n\n                                                  44\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n\n\nThis report is intended to provide users of the FECA Special Benefit Fund with information about the\ncontrol policies and procedures at the DFEC that may affect the processing of user organizations\'\ntransactions, general computer controls and also to provide users with information about the operating\neffectiveness of the policies and procedures that were tested. This report, when combined with an\nunderstanding and assessment of the internal control policies and procedures at user organizatio ns, is\nintended to assist user auditors in (1) planning the audit of the user organizations\' financial statements\nand (2) assessing control risk for assertions in user organizations\' financial statements that may be\naffected by policies and procedures at DFEC.\n\nOur testing of DFEC\'s internal control policies and procedures was restricted to the control objectives\nand the related policies and procedures listed in this section of the report and was not extended to\nprocedures described in Section IIIB but not included in this section or to procedures that may be in\neffect at user organizations. It is each user auditor\'s responsibility to evaluate this information in\nrelation to the internal control policies and procedures in place at each user organization. If certain\ncomplementary controls are not in place at user organizations, DFEC\'s internal control policies and\nprocedures may not compensate for such weaknesses.\n\nTESTS OF CONTROL ENVIRONMENT ELEMENTS\n\nThe control environment represents the collective effect of various elements in establishing, enhancing\nor mitigating the effectiveness of specific policies and procedures. In addition to tests of operating\neffectiveness of the policies and procedures listed in this section of this report, our procedures also\nincluded tests of and consideration of the relevant elements of the DFEC\'s control environment\nincluding:\n\n          DFEC\'s organizational structure and the segregation of duties\n          Management control methods\n          Management policies and procedures\n\nSuch tests included inquiry of appropriate management, supervisory, and staff personnel; inspection of\nDFEC\'s documents and records; observation of DFEC\'s activities and operations; and a limited review\nand evaluation of SunGard\'s, the subservicer, most recent SAS 70 report, issued for the period from\nOctober 1, 2000 to September 30, 2001. The results of these tests were considered in planning the\nnature, timing, and extent of our tests of the specified control policies and procedures related to the\ncontrol objectives described within this report.\n\n\n\n\n                                                   45\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n\n\nSAMPLING METHODOLOGY\n\nTo facilitate the testing of transaction processing controls, we developed a sampling plan as outlined\nbelow.\n\nWe performed tests on a sample of compensation for lost wages, schedule awards, death benefits and\nmedical benefit payments paid during the period October 1, 2001 to April 30, 2002, at 5 of 12 District\noffices. The sample design involved a two stage process.\n\nThe first stage in our sample design was the selection of district offices. District offices were\nrandomly selected by first forming two strata of the districts and then taking all the districts from the\nfirst strata, and selecting two districts from the second strata. This procedure resulted in the selection\nof five district offices. The 5 district offices comprised approximately $758 million of the\n$1.354 billion or 56 percent, of FECA payments during the seven month period ended April 30, 2002.\n\nThe second stage of the sample design was the selection of sampling units. The sampling units were a\nmedical bill or the total compensation payments paid to a single case number. The universe of the\nsample districts was stratified into 13 strata for the compensation payments and into 12 strata for the\nmedical payments. The sample size was determined for each of the 13 strata for compensation and 12\nstrata for the medical payments using the following parameters:\n\n          The total number of items and dollar value of the strata universe\n          The estimated variance within each strata\n          A 95% confidence level (5% risk of incorrect acceptance)\n          A variable sampling precision (2% to 7%) of the point estimate\n          Materiality and tolerable error as defined for FECA benefit payments\n\nUsing statistical formulas, these parameters yielded a total sample of 399 items. Of the total sample,\n214 were medical payments and 185 were compensation payments. The sample items were then\nrandomly selected.\n\nOur detailed substantive testing was performed at the following district offices with the following\nnumber of items tested:\n                                                                 Number of\n          District Office                                     Statistical Items\n          New York                                                      79\n          Jacksonville                                                  74\n          Chicago                                                       72\n          San Francisco                                                103\n          Seattle                                                       71\n          Total                                                        399\n\n\n                                                   46\n\x0c                                  SECTION IIIC\n                   INFORMATION PROVIDED BY THE SERVICE AUDITOR\n\n\nOur testing at the district offices consisted of control tests in the following categories:\n\n       Case Creation                                                 Payment Processing\n       Initial Eligibility                                           Schedule Awards\n       File Maintenance                                              Death Benefits\n       Continuing Eligibility - Medical Evidence                     Medical Bill Payment Processing\n       Continuing Eligibility - Earnings Information                 Third Party Settlements\n\nThe number of sample items for control tests was statistically selected based on the sampling plan\ndetailed above. The number of sample items tested was determined based on the number of items to\nwhich the test of controls applied. The control tests would not be applicable to some sample items due\nto factors such as the age of the injury. Additional testing was performed on items which were\nselected in a non-statistical method.\n\nInitial Eligibility Cases\n\nAudit queries were generated which determined all of the cases in which claimants were injured and\nbegan receiving compensation during the sampling period of October 1, 2001 to April 30, 2002. From\na population of 968 initial eligibility cases in the 5 district offices tested, 10 cases per district office,\nfor a total sample of 50, was selected. We reviewed the case files to ensure that the proper procedures\nhad been followed in determining whether or not the claimants were eligible to receive benefit\npayments and whether benefit payments were paid at the correct amount.\n\nMultiple Claim Payments\n\nAudit queries were generated which compared certain elements of each compensation payment made\nduring the period October 1, 2001 through April 30, 2002. The query compared case files in which\nthe social security number was the same for multiple case files. This situation would normally occur\nwhen an employee has suffered more than one injury, as a separate case number is assigned for each\ninjury. We analyzed the payments to ensure that a claimant was not receiving excessive or\noverlapping compensation. We removed from the population of 1,090 multiple claim payments, the\ncases tested in previous years which resulted in no errors, and then selected a sample resulting in 50\nmultiple claim compensation payment items to be tested.\n\n\n\n\n                                                     47\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n\n\nProvider Type\n\nAudit queries were generated which determined medical bill payments made to chiropractors on\nclaimant cases for which the accepted condition did not involve the back or neck to determine if the\nproper provider type was being used and payments were properly supported with specifically required\nmedical evidence. We then randomly selected 125 cases from a population of 15,780, which met our\nquery definition, in the district offices in which testwork was to be performed.\n\nPotential Duplicate Medical Payments\n\nAudit queries were generated which determined medical bill payments which appeared to have been\nmade in duplicate and were over $5,000. We tested all 128 medical bills in the district offices in\nwhich testwork was to be performed.\n\nThird Party\n\nAudit queries were generated which determined all claimants that had a third party status indicator in\nthe CMF. We then randomly selected 50 cases from a population of 1,811 cases with third party\nindicators, active within the past year, in the district offices in which test work was to be performed.\n\nCurrent Medical Evidence\n\nAudit queries were generated which determined all claimants with a short term liability status, on\nwhich compensation was currently being paid, but for which no medical payments were made in the\npast two years, to determine which cases may not have current medical evidence. We then randomly\nselected 50 cases from a population of 3,190 cases which met our query definition, in the district\noffices in which testwork was to be performed.\n\n\n\n\n                                                  48\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n\n\nSummary of Sample Items\n\nThe following sample items were selected for substantive testing of transactions:\n\nSample Type               New      Jacksonville    Chicago       San         Seattle   Sub-         Sub-    Total\n                          York                                Francisco                total        total\nLost Wages (S)             27             23           27        28            20      125\nDeath (S)                  4              4            4          4            6        22          185\nSchedule Award (S)         7              8            7          7            9        38                  399\nMedical Bills (S)          41             39           34        64            36          214\nInitial Eligibility (N)    10             10           10        10            10              50\n                                                                                                            100\nMultiple Claim (N)         10             10           10        10            10              50\nProvider Type (N)          25             25           25        25            25                    125\nPotential Duplicates(N)     5             41           42        31            9                     128\n\n\n\nThe following sample items were selected for testing of internal controls:\n\n\nSample Type               New      Jacksonville    Chicago       San         Seattle   Sub-         Sub-    Total\n                          York                                Francisco                total        total\nLost Wages (S)             27             23           27        28            20      125\nDeath (S)                  4              4            4          4            6        22          185\nSchedule Award (S)                                                                                          310\n                           7              8            7          7            9        38\nMedical Bills (S)          23             25           25        26            26          125\nInitial Eligibility (N)    10             10           10        10            10                    50\nThird Party (N)            10             10           10        10            10                    50\nCurrent Medical (N)        10             10           10        10            10                    50\n\n(S) \xe2\x80\x93 Statistically selected sample\n(N) \xe2\x80\x93 Non-statistically selected sample\n\n\n\n\n                                                  49\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n\n\nCONTROL OBJECTIVES, RELATED POLICIES AND PROCEDURES, AND TESTS OF\nDESCRIBED POLICIES AND PROCEDURES\n\nThis section presents the following information provided by the DFEC:\n\n\xe2\x80\xa2   The control objectives specified by management of DFEC.\n\n\xe2\x80\xa2   The policies and procedures established and specified by DFEC to achieve the specified control\n    objectives.\n\nAlso included in this section is the following information provided by the service auditor:\n\n\xe2\x80\xa2   A description of the tests performed in regard to the described policies and procedures by the\n    service auditor to determine whether DFEC\'s control policies and procedures were operating with\n    sufficient effectiveness to achieve stated control objectives.\n\n\xe2\x80\xa2   The results of the service auditors\' tests of the described policies and procedures.\n\n\n\n\n                                                    50\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                         GENERAL COMPUTER CONTROLS\n\n\nControl Objective: General Computer Controls - Control policies and procedures provide\nreasonable assurance that DFEC has generally established computer controls over entity-wide\nsecurity, access controls, application software development and change controls, segregation of duties,\nsystems software, and service continuity.\n\nDescription of Policies and Procedures\n\nEntity-wide Security\n\nESA, of which DFEC is a division, periodically assesses risk through independent risk assessments\nthat are performed and documented on a regular basis or whenever systems, facilities, or other\nconditions change. The risk assessments consider data sensitivity and integrity and range of risks to\nthe entity\'s systems and data; and, final risk determinations and related management approvals are\ndocumented and maintained on file.\n\nESA, of which DFEC is a division, has a security program plan that: covers all major facilities and\noperations, has been approved by key affected parties, and covers the topics prescribed by OMB\nCircular A-130 (general support systems/major applications): Rules of the system/Application rules,\nTraining/ Specialized training, Personnel controls/Personnel security, Incident response capability/\nContinuity of support/Contingency planning, Technical security/Technical controls, System\ninterconnection/Information sharing, public access controls, access controls, application software\ndevelopment and change controls, segregation of duties, systems software, and service continuity.\nThe plan is reviewed periodically and adjusted to reflect current conditions and risks.\n\nESA\xe2\x80\x99s security program plan establishes a security management structure with adequate\nindependence, authority, and expertise. An information systems security manager has been appointed\nat an overall level and at appropriate subordinate levels.\n\nThe security plan clearly identifies who owns computer-related resources and who is responsible for\nmanaging access to computer resources. Security responsibilities and expected behaviors are clearly\ndefined for: (1) information resource owners and users (2) information resources management and\ndata processing personnel (3) senior management (4) security administrators.\n\nESA has implemented an ongoing security awareness program that includes first-time training for all\nnew employees, contractors, and users, and periodic refresher training thereafter. Security policies are\ndistributed to all affected personnel, including system/application rules and expected behaviors.\n\nESA\'s incident response capability has the characteristics suggested by industry standards: use of virus\ndetection software, an understanding of the constituency being served, an educated constituency that\ntrusts the incident handling team, a means of prompt centralized reporting, response team members\nwith the necessary knowledge, skills, and abilities, and links to other relevant groups.\n\n                                                  51\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\nFor prospective employees, references are contacted and background checks performed. Periodic\nreinvestigations are performed at least once every 5 years, consistent with the sensitivity of the\nposition per criteria from the Office of Personnel Management. Regularly scheduled vacations\nexceeding several days are required, and the individual\'s work is temporarily reassigned. Regular job\nor shift rotations are required. Termination and transfer procedures include: exit interview procedures;\nreturn of property, keys, identification cards, passes, etc.; notification to security management of\nterminations and prompt revocation of IDs and passwords; immediately escorting terminated\nemployees out of the entity\'s facilities; and identifying the period during which non-disclosure\nrequirements remain in effect.\n\nSkill needs are accurately identified and included in job descriptions, and employees meet these\nrequirements. A training program has been developed. Employee training and professional\ndevelopment are documented and monitored.\n\nESA\xe2\x80\x99s Information Systems security program is subjected to periodic reviews. Major applications\nundergo independent review or audit at least every 3 years. Major systems and applications are\naccredited by the managers whose missions they support.\n\n\n              Tests of Described Policies and Procedures:                                  Results of Tests\nReviewed risk assessment policies, the most recent high-level risk         A FECA risk assessment was conducted\nassessment, and the objectivity of personnel who performed and reviewed    covering all areas of ESA security. Eight\nthe assessment.                                                            general areas of vulnerability and five\n                                                                           significant threats, along with five safeguards\n                                                                           and compensating controls were identified.\n                                                                           ESA-FECA has made partial progress\n                                                                           resolving these areas of security.\nReviewed the security plan and determined whether the plan covered the     No exceptions were noted.\ntopics prescribed by OMB Circular A-130 and reviewed any related\ndocumentation which indicated that the security plan had been reviewed\nand updated, and was current.\nInterviewed the security management staff and security manager to          No exceptions were noted.\ndetermine whether the entity had a security plan and organization chart.\nReviewed documentation supporting or evaluating the security awareness     No exceptions were noted.\nprogram, memos, electronic mail files, or other policy distribution\nmechanisms, and personnel files to test whether security awareness\nstatements are current.\nInterviewed data owners and system users to determine what training        Two of 14 newly hired FECA employees had\nnewly hired employees had received and if they were aware of their         no evidence that training had been completed.\nsecurity-related responsibilities.                                         No other exceptions were noted.\nInterviewed the security manager, response team members, and system        No exceptions were noted.\nusers to determine whether an incident response capability has been\nimplemented.\n\n\n\n\n                                                          52\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\n             Tests of Described Policies and Procedures:                                    Results of Tests\nReviewed documentation supporting incident handling activities.             ESA Management was unable to provide\n                                                                            documentation evidencing the existence and\n                                                                            operation to support if an incident response\n                                                                            capability has been imp lemented.\nReviewed hiring policies, reinvestigation policies, policies on             No exceptions were noted.\nconfidentiality or security agreements, vacation policies, job rotation\npolicies, staff assignment records, and other pertinent policies and\nprocedures.\nFor a selection of recent hires, inspect personnel records and determine    No exceptions were noted.\nwhether references have been contacted and background checks\nperformed. For a selection of sensitive positions, inspect personnel\nrecords and determine whether background reinvestigations have been\nperformed.\nFor a selection of users, determine whether confidentiality or security     No exceptions were noted.\nagreements are on file. Inspect personnel records to identify individuals\nwho have not had vacation or sick leave in the past year. Determine who\nperformed vacationing employee\xe2\x80\x99s work during vacation. For a selection\nof terminated or transferred employees examine documentation showing\ncompliance with policies. Compare a system generated list of users to a\nlist of active user employees.\nReviewed job descriptions for security management personnel and a           ESA management was unable to provide\nselection of other personnel. For a selection of employees, compare         documentation evidencing the existence and\npersonnel records on education and experience with job descriptions.        operation of controls to support position\nReviewed training program documentation, training records, and other        descriptions for four non-security related\nrelated documentation for selected personnel.                               FECA employees.\nReviewed reports resulting from recent assessments (including the most      No exceptions were noted.\nrecent FMFIA report), written authorizations or accreditation statements,\nand documentation related to corrective actions.\nReviewed the status of prior year audit recommendations to determine if     ESA has implemented corrective action plans.\ncorrective actions have been implemented.\n\n\n\n\nAccess Controls\n\nClassifications and criteria have been established and communicated to resource owners. Resources\nare classified based on risk assessments; classifications are documented and approved by an\nappropriate senior official and are periodically reviewed.\n\n\n\n\n                                                           53\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                         GENERAL COMPUTER CONTROLS\n\n\nAccess authorizations are documented on standard forms and maintained on file, approved by senior\nmanagers, and securely transferred to security managers. Owners periodically review access\nauthorization listings and determine whether they remain appropriate. The number of users who can\ndial into the system from remote locations is limited and justification for such access is documented\nand approved by owners.\n\nSecurity managers review access authorizations and discuss any questionable authorizations with\nresource owners. All changes to security profiles by security managers are automatically logged and\nperiodically reviewed by management independent of the security function. Unusual activity is\ninvestigated. Security is notified immediately when system users are terminated or transferred.\n\nEmergency and temporary access authorizations are documented on standard forms and maintained on\nfile, approved by appropriate managers, securely communicated to the security function; and\nautomatically terminated after a predetermined period.\n\nStandard forms are used to document approval for archiving, deleting, or sharing data files. Prior to\nsharing data or programs with other entities, agreements are documented regarding how those files are\nto be protected. Facilities housing sensitive and critical resources have been identified. All significant\nthreats to the physical well-being of sensitive and critical resources have been identified and related\nrisks determined. Access is limited to those individuals who routinely need access through the use of\nguards, identification badges, or entry devices, such as key cards. Management regularly reviews the\nlist of persons with physical access to sensitive facilities. Keys or other access are needed to enter the\ncomputer room and tape/media library. All deposits and withdrawals of tapes and other storage media\nfrom the library are authorized and logged. Unissued keys or other entry devices are secured.\nEmergency exit and re-entry procedures ensure that only authorized personnel are allowed to reenter\nafter fire drills, etc.\n\nVisitors to sensitive areas, such as the main computer room and tape/media library, are formally\nsigned in and escorted. Entry codes are changed periodically. Visitors, contractors, and maintenance\npersonnel are authenticated through the use of preplanned appointments and identification checks.\nPasswords are unique for specific individuals, not groups; controlled by the assigned user and not\nsubject to disclosure; changed periodically--every 30 to 90 days; not displayed when entered; at least 6\nalphanumeric characters in length; and prohibited from reuse for at least 6 generations. Use of names\nor words is prohibited. Vendor-supplied passwords are replaced immediately. Generic user IDs and\npasswords are not used. Attempts to log on with invalid passwords are limited to 3 attempts.\n\nPersonnel files are automatically matched with actual system users to remove terminated or\ntransferred employees from the system. Password files are encrypted. For other devices, such as\ntokens or key cards, users maintain possession of their individual tokens, cards, etc. and understand\nthat they must not loan or share these with others and must report lost items immediately.\n\n\n                                                   54\n\x0c                                  SECTION IIIC\n                   INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                          GENERAL COMPUTER CONTROLS\n\n\nAn analysis of the logical access paths is performed whenever system changes are made. Security\nsoftware is used to restrict access. Access to security software is restricted to security administrators\nonly. Computer terminals are automatically logged off after a period of inactivity. Inactive users\'\naccounts are monitored and removed when not needed. Security administration personnel set\nparameters of security software to provide access as authorized and restrict access that has not been\nauthorized. This includes access to data files, load libraries, batch operational procedures, source\ncode libraries, security files, and operating system files. Naming conventions are used for resources.\n\nDatabase management systems (DBMS) and data dictionary controls have been implemented that\nrestrict access to data files at the logical data view, field, or field-value level; control access to the data\ndictionary using security profiles and passwords; maintain audit trails that allow monitoring of\nchanges to the data dictionary; and provide inquiry and update capabilities from application program\nfunctions, interfacing DBMS or data dic tionary facilities. Use of DBMS utilities is limited. Access\nand changes to DBMS software are controlled. Access to security profiles in the data dictionary and\nsecurity tables in the DBMS is limited.\n\nCommunication software has been implemented to verify terminal identifications in order to restrict\naccess through specific terminals; verify IDs and passwords for access to specific applications; control\naccess through connections between systems and terminals; restrict an application\'s use of network\nfacilities; protect sensitive data during transmission; automatically disconnect at the end of a session;\nmaintain network activity logs; restrict access to tables that define network options, resources, and\noperator profiles; allow only authorized users to shut down network components; monitor dial- in\naccess by monitoring the source of calls or by disconnecting and then dialing back at preauthorized\nphone numbers; restrict in- house access to telecommunications software; control changes to\ntelecommunications software; ensure that data are not accessed or modified by an unauthorized user\nduring transmission or while in temporary storage; and restrict and monitor access to\ntelecommunications hardware or facilities.\n\nIn addition to logical controls: the opening screen viewed by a user provides a warning and states that\nthe system is for authorized use only and that activity will be monitored, dial- in phone numbers are\nnot published and are periodically changed, cryptographic tools have been implemented to protect the\nintegrity and confidentiality of sensitive and critical data and software programs. Procedures have\nbeen implemented to clear sensitive data and software from discarded and transferred equipment and\nmedia. All activity involving access to and modifications of sensitive or critical files is logged.\n\nSecurity violations and activities, including failed logon attempts, other failed access attempts, and\nsensitive activity, are reported to management and investigated. Security managers investigate security\nviolations and report results to appropriate supervisory and management personnel. Appropriate\ndisciplinary actions are taken. Violations are summarized and reported to senior management. Access\ncontrol policies and techniques are modified when violations and related risk assessments indicate that\nsuch changes are appropriate.\n\n                                                      55\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\n\nTests of Described Policies and Procedures                                          Results of Tests\nReviewed policies and procedures and resource classification documentation          No exceptions were noted.\nand compared to risk assessments. Discussed any discrepancies with\nappropriate officials. Interviewed resource owners.\nReviewed pertinent written policies and procedures. For a selection of users,       The system is not configured to log\n(both application user and IS personnel), review access authorization               profile changes. No other exceptions\ndocumentation. Interview owners and review supporting documentation.                were noted.\nDetermine whether inappropriate access is removed in a timely manner. For a\nselection of users with dial-up access, review authorization and justification.\nInterview security managers and review documentation provided to them.\nReview a selection of recent profile changes and activity logs. Obtain a list of\nrecently terminated employees from Personnel, and for a selection, determine\nwhether system access was properly terminated.\nCompared a selection of both expired and active temporary and emergency             No exceptions were noted.\nauthorizations (obtained from the authorizing parties) with a system-generated\nlist of authorized users. Determine the appropriateness of access\ndocumentation.\nExamined standard approval forms and documents authorizing file                     No exceptions were noted.\nsharing and file sharing agreements. Interviewed data owners.\nReviewed a diagram of the physical layout of the computer telecommunications No exceptions were noted.\nand cooling system facilities. Walk through facilities.\nReview access path diagram.                                                         No exceptions were noted.\nObserved entries to and exits from the facilities, including sensitive areas during No exceptions were noted.\nand after normal business hours, utilities access paths, practices for safeguarding\nkeys and other devices, appointment and verification procedures for visitors, a\nfire drill, users keying in passwords, terminals in use. Observe a fire drill.\nReview written emergency procedures.\nInterviewed management, employees, guards at facility entry, users and security No exceptions were noted.\nmanagers and database administrator.\nSelected from the log some returns and withdrawals, verified the physical           No exceptions were noted.\nexistence of the tape or other media, and determined whether proper\nauthorization was obtained for the movement.\nReview visitor entry logs. Observe entries to and exits from sensitive areas        No exceptions were noted.\nduring and after normal business hours. Interview guards at facility entry.\nReview documentation on and logs of entry code changes. Observe\nappointment and verification procedures for visitors.\nInterview users. Review security software parameters. Attempted to log on           No exceptions were noted.\nwithout a valid password; made repeated attempts to guess passwords.\nAttempted to log on using common vendor supplied passwords. Searched\npassword file using audit software. Assessed procedures for generating and\ncommunicating passwords to users. Review security logs. Interview security.\nInterview security administrators and system users. Review security software        ESA\xe2\x80\x99s network does not have an idle\nparameters. Observe terminal in use. Determine whether naming conventions           time network log out feature activated.\nare used.                                                                           No other exceptions were noted.\n\n\n\n\n                                                            56\n\x0c                                     SECTION IIIC\n                      INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                             GENERAL COMPUTER CONTROLS\n\n\nTests of Described Policies and Procedures                                           Results of Tests\nReviewed pertinent policies and procedures. Reviewed parameters set by               No exceptions were noted.\ntelecommunications software or teleprocessing monitors. Tested\ntelecommunications controls by attempting to access various files through\ncommunications networks. Identified all dial-up lines through automatic dialer\nsoftware routines and compare with known dial-up access. Interviewed\ntelecommunications management staff and users. View the opening screen by\ntelecommunication system users. Run entity\xe2\x80\x99s telephone directory to verify that\nnumbers are not listed.\nReviewed written procedures. Interviewed personnel responsible for clearing          No exceptions were noted.\nequipment and media. For a selection of recently discarded or transferred items,\nexamined documentation related to clearing of data and software.\nReviewed security software settings to identify types of activity logged, security   Security violations have not been\nviolation reports and documentation showing reviews of questionable activities.      documented. ESA has a Computer\nTested a selection of security violations to verify that follow-up investigations    Security Incident Response and\nwere performed and to determine what actions were taken against the                  Reporting Manual, but was unable to\nperpetrator. Evaluate cryptographic tools.                                           provide documentation evidencing the\n                                                                                     controls.\nInterviewed senior management and personnel responsible for summarizing              Security violations have not been\nviolations and reviewed supporting documentation.                                    documented. ESA has a Computer\n                                                                                     Security Incident Response and\n                                                                                     Reporting Manual, but was unable to\n                                                                                     provide documentation evidencing the\n                                                                                     controls.\n\nApplication Software Development and Change Control\n\nSystem Development Life Cycle (SDLC) methodology has been developed that provides a structured\napproach consistent with generally accepted concepts and practices, including active user involvement\nthroughout the process, is sufficiently documented to provide guidance to staff with varying levels of\nskill and experience, provides a means of controlling changes in requirements that occur over the\nsystem\'s life, and includes documentation requirements.        Program staff and staff involved in\ndeveloping and testing software have been trained and are familiar with the use of the organization\'s\nSDLC methodology.\n\nSoftware change request forms are used to document requests and related approvals. Change requests\nmust be approved by both system users and data processing staff. Clear policies restricting the use of\npersonal and public domain software have been developed and are enforced. DFEC uses virus\nidentification software.\n\nTest plan standards have been developed for all levels of testing that define responsibilities for each\nparty (e.g., users, system analysts, programmers, auditors, quality assurance, library control). Detailed\nsystem specifications are prepared by the programmer and reviewed by a programming supervisor.\nSoftware changes are documented so that they can be traced from authorization to the final approved\ncode and they facilitate "trace-back" of code to design specifications and functional requirements by\nsystem testers. Test plans are documented and approved that define responsibilities for each party\n                                                             57\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\ninvolved (e.g., users, systems analysts, programmers, auditors, quality assurance, library control).\nUnit, integration, and system testing are performed and approved in accordance with the test plan and\napplying a sufficient range of valid and invalid conditions.\n\nA comprehensive set of test transactions and data has been developed that represents the various\nactivities and conditions that will be encountered in processing. Live data is not used in testing\nprogram changes, except to build test data files. Test results are reviewed and documented. Program\nchanges are moved into production only upon documented approval from users and system\ndevelopment management.\n\nDocumentation is updated for software, hardware, operating personnel, and system users when a new\nor modified system is implemented. Data center management and/or the security administrators\nperiodically review production program changes to determine whether access controls and change\ncontrols have been followed.\n\nEmergency changes are documented and approved by the operations supervisor, formally reported to\ncomputer operations management for follow-up, and approved after the fact by programming\nsupervisors and user manage ment.\n\nStandardized procedures are used to distribute new software for implementation. Implementation\norders, including effective date, are provided to all locations where they are maintained on file.\nLibrary management software is used to produce audit trails of program changes, maintain program\nversion numbers, record and report program changes, maintain creation/date information for\nproduction modules, maintain copies of previous version, and control concurrent updates.\n\nTests of Described Policies and Procedures                                          Results of Tests\nReviewed the SAS #70 Report from SunGard eSourcing, Inc., the subservicer,          No exceptions were noted.\nto determine whether the following application software development and\nchange controls existed at SunGard:\n\xe2\x80\xa2 Inquired as to the procedures management has implemented to control tape\n     management.\n\xe2\x80\xa2 Observed the tapes in the computer room and tape storage area noting the\n     unique identification of tapes with labels and bar codes.\n\xe2\x80\xa2 Observed the I/O Manager mounting an incorrect tape on the system noting\n     the tape management system issued an error message indicating an\n     incorrect tape mount. Observed the Manager mount a correct tape and the\n     system begin to process the tape.\n\xe2\x80\xa2 Inspected the daily scratch tape listing and noted the report contained the\n     volser number, dataset name, creation date, and expiry time and date of\n     tapes that would be scratched.\n\xe2\x80\xa2 Observed the transfer of tapes off-site noting a third-party courier service is\n     used to transport tapes to the off-site tape storage facility.\n\xe2\x80\xa2 Observed the contents of a box prepared to ship off-site noting the box\n     contained magnetic tapes as well as distribution, inventory, and transaction\n     sheets.\n                                                            58\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\nTests of Described Policies and Procedures                                        Results of Tests\n\xe2\x80\xa2 Inspected the transaction sheets noting proper sign-off by SunGard staff and\n    the off-site data storage vendor.\n\xe2\x80\xa2 Inquired of the I/O Manager as to procedures for the tape librarian to\n    compare the tapes returned from the off-site facility to the inventory list\n    from the tape management system and investigate differences.\n\xe2\x80\xa2 Observed the Foreign Tape Utilities on-line noting that all changes to the\n    system are logged by the audit trail.\n\xe2\x80\xa2 Inspected a sample of tape mail requests noting proper documentation and\n    authorization for the delivery and release of\n   tapes, including requesting company, destination, request\n   status and datas et name.\n\xe2\x80\xa2 Toured the Receiving Area and inspected the Receiving log noting that all\n    packages received are signed-off by SunGard personnel.\n\xe2\x80\xa2 Inquired as to the operation of these procedures throughout the test period.\n\nSystem Software\n\nPolicies and procedures for restricting access to systems software are kept up-to-date. Access to\nsystem software is restricted to a limited number of personnel, corresponding to job responsibilities.\nApplication programmers and computer operators are specifically prohibited from accessing system\nsoftware. Documentation showing justification and management approval for access to system\nsoftware is kept on file. The access capabilities of system programmers are periodically reviewed for\npropriety to see that access permissions correspond with job duties.\n\nPolicies and procedures for using and monitoring use of system software utilities are kept up-to-date.\nResponsibilities for using sensitive system utilities have been clearly defined and are understood by\nsystems programmers. Responsibilities for monitoring use are defined and understood by technical\nmanagement. The use of sensitive system utilities is logged using access control software reports or\njob accounting data (e.g., IBM\'s System Manageme nt Facility).\n\nThe use of privileged system software and utilities is reviewed by technical management.\nInappropriate or unusual activity in using utilities is investigated. System programmers\' activities are\nmonitored and reviewed. Management reviews are performed to determine that control techniques for\nmonitoring use of sensitive system software are functioning as intended and that the control\ntechniques in place are maintaining risks within acceptable levels (e.g., periodic risk assessments).\n\nPolicies and procedures are kept up-to-date for identifying, selecting, installing, and modifying system\nsoftware. Procedures include an analysis of costs and benefits and consideration of the impact on\nprocessing reliability and security. Procedures exist for identifying and documenting system software\nproblems. This should include using a log to record the problem, the name of the individual assigned\nto analyze the problem, and how the problem was resolved.\n\n\n\n                                                           59\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\nNew system software versions or products and modifications to existing system software receive\nproper authorization and are supported by a change request. New system software versions or\nproducts and modifications to existing system software are tested and the test results are approved\nbefore implementation.\n\nProcedures include: a written standard that guides the testing, which is conducted in a test rather than\nproduction environment; specification of the optional security-related features to be turned on, when\nappropriate; review of test results by technically qualified staff who document their opinion on\nwhether the system software is ready for production use; and review of test results and documented\nopinions by data center management prior to granting approval to move the system software into\nproduction use.\n\nProcedures exist for controlling emergency changes. Procedures include:       authorizing and\ndocumenting emergency changes as they occur; reporting the changes for management review; and\nreview by an independent IS supervisor of the change.\n\nInstallation of system software is scheduled to minimize the impact on data processing and advance\nnotice is given to system users. Migration of tested and approved system software to production use is\nperformed by an independent library control group. Outdated versions of system software are\nremoved from production libraries. Installation of all system software is logged to establish an audit\ntrail and reviewed by data center management. Vendor-supplied system software is still supported by\nthe vendor. All system software is current and has current and complete documentation.\n\nTests of Described Policies and Procedures                                         Results of Tests\nReviewed the SAS #70 Report from SunGard eSourcing, Inc., the subservicer,         No exceptions were noted.\nto determine whether the following system software controls exist at SunGard:\n\xe2\x80\xa2 Inquired as to the procedures management has implemented to control\n     changes or updates to systems software.\n\xe2\x80\xa2 Inspected the SunGard Software Maintenance Policy and Procedure\n     document.\n\xe2\x80\xa2 Inspected SunGard\xe2\x80\x99s Production Software Listing noting the system\n     software listed reflects current versions of software that are supported by\n     the vendor.\n\xe2\x80\xa2 Inspected the SunGard Software Maintenance and Upgrade Schedule noting\n     that the procedures documented in this plan were the procedures\n     documented in Peregrine Service Center for the change requests selected.\n\xe2\x80\xa2 Identified a select number of system software change requests noting that\n     the change requests were entered in Peregrine Service Center and detailed\n     information supporting the change request was documented in Peregrine\n     Service Center.\n\xe2\x80\xa2 Observed on-line that the change requests selected were prioritized based\n     upon criticality and were closed within one day of requested\n     implementation.\n\xe2\x80\xa2 Inspected a sample of problems reported by clients and software change\n     requests noting the change history was documented in detail in the\n\n                                                           60\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\nTests of Described Policies and Procedures                                         Results of Tests\n    Peregrine Service Center database, including the requesting client, affected\n    system, target date, staff who made the change, change status, and\n    description of the problem and action. Also noted the following:\n  (a) They were assigned priority levels, such as critical, limited, and\n         impacting and resolved in a timely manner.\n  (b) Requests are received by Customer Service and approved by the\n         appropriate department manager.\n  (c) All changes are adequately tested and moved to a development library\n         before being migrated to production.\n\n\xe2\x80\xa2   Noted that the above problems were responded to within 24 hours, followed\n    up within 48 hours and eventually resolved.\n\xe2\x80\xa2   Observed an inspected Peregrine Service Center on-line noting that the\n    Quality Assurance procedures were documented and existed for all change\n    requests selected.\n\xe2\x80\xa2   Inspected the Change Report which is used to communicate to Operations\n    personnel the testing and back-out procedures for system software changes.\n    For a sample of changes, inspected documented testing and back-out\n    procedures and sign-off by Operations personnel indicating the jobs were\n    run.\n\xe2\x80\xa2   Inquired about daily meeting when any open requests are prioritized.\n\xe2\x80\xa2   Inspected the checklist used during software testing prior to migration into\n    production noting that the checklist is used to document software testing\n    and complies with the Software Maintenance Plan.\n\xe2\x80\xa2   Inquired as to the operation of these procedures throughout the test period.\n\nSegregation of Duties\n\nPolicies and procedures for segregating duties exist and are up-to-date. Distinct systems support\nfunctions are performed by different individuals, including the following: IS management, system\ndesign, application programming, systems programming, quality assurance/testing, library\nmanagement/change management, computer operations, production control and scheduling, data\ncontrol, data security, data administration, and network administration.\n\nNo individual has complete control over incompatible transaction processing functions. Specifically,\nthe following combination of functions are not performed by a single individual: data entry and\nverification of data, data entry and its reconciliation to output, input of transactions for incompatible\nprocessing functions (e.g., input of vendor invoices and purchasing and receiving information), and\ndata entry and supervisory authorization functions (e.g., authorizing a rejected transaction to continue\nprocessing that exceeds some limit requiring a supervisor\'s review and approval).\n\nData processing personnel are not users of information systems. They and security managers do not\ninitiate, input, or correct transactions. Day-to-day operating procedures for the data center are\nadequately documented and prohibited actions are identified. Regularly scheduled vacations and\nperiodic job/shift rotations are required\n                                                            61\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\n\nDocumented job descriptions accurately reflect assigned duties and responsibilities and segregation of\nduty principles. Documented job descriptions include definitions of the technical knowledge, skills,\nand abilities required for successful performance in the relevant position and can be used for hiring,\npromoting, and performance evaluation purposes.\n\nAll employees fully understand their duties and responsibilities and carry out those responsibilities in\naccordance to their job descriptions. Senior management is responsible for providing adequate\nresources and training to ensure that segregation of duty principles are understood and established,\nenforced, and institutionalized within the organization. Responsibilities for restricting access by job\npositions in key operating and programming activities are clearly defined, understood, and followed.\n\nStaff\'s performance is monitored on a periodic basis and controlled to ensure that objectives laid out in\njob descriptions are carried out. Management reviews are performed to determine that control\ntechniques for segregating incompatible duties are functioning as intended and that the control\ntechniques in place are maintaining risks within acceptable levels (e.g., periodic risk assessments).\n\nDetailed, written instructions exist and are followed for the performance of work. Operator instruction\nmanuals provide guidance on system operation. Application run manuals provide instruction on\noperating specific applications. Operators are prevented from overriding file label or equipment error\nmessages.\n\nPersonnel are provided adequate supervision and review, including each shift for computer operations.\nAll operator activities on the computer system are recorded on an automated history log. Supervisors\nroutinely review the history log and investigate any abnormalities. System startup is monitored and\nperformed by authorized personnel. Parameters set during the initial program load (IPL) are in\naccordance with established procedures.\n\nTests of Described Policies and Procedures                                           Results of Tests\nReviewed the SAS #70 Report from SunGard eSourcing, Inc., the subservicer,           No exceptions were noted.\nto determine whether the following segregation of duties controls exist at\nSunGard:\n\n\xe2\x80\xa2   Inquired as to the procedures management has implemented to control\n    physical access to the data center.\n\n\xe2\x80\xa2   Inspected the physical access card listing noting the different levels of\n    access to the SunGard facility.\n\n\xe2\x80\xa2   For a sample of employees, inquired of the Director of Computer\n    Operations as to the appropriateness of their access levels per their assigned\n    responsibilities.\n\n\xe2\x80\xa2   Observed the logging of card key activities in the Command Center noting\n\n                                                              62\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\nTests of Described Policies and Procedures                                           Results of Tests\n    the log recorded the card key number, doors accessed, and unsuccessful\n    attempts.\n\n\xe2\x80\xa2   Observed the external access card readers at the main entrance and the\n    loading dock noting the doors are locked at all times, doors are monitored\n    from the Command Center through the use of video cameras, all access\n    card usage is logged in the Command Center and access into the building\n    requires access cards.\n\n\xe2\x80\xa2   Observed that persons without valid access cards must ring a doorbell or\n    call Operations (after hours) to gain access to the facility.\n\n\xe2\x80\xa2   Observed the access card readers located inside the data center for the\n    network control room, Command center, tape library, and electrical room,\n    noting all doors required access cards to gain entrance and all access card\n    usage is logged in the Command Center.\n\n\xe2\x80\xa2   Inspected the listing of employees terminated during the period and\n    determined that terminated employees are removed from the Security\n    System for physical access.\n\n\xe2\x80\xa2   Observed the monitors in the Command Center noting one dedicated\n    monitor for each door and a central monitor which records access based on\n    motion detected.\n\n\xe2\x80\xa2   Observed the central monitor connected to a video cassette recorder\n    recording all activity displayed on the central monitor.\n\n\xe2\x80\xa2   Observed the log at the main entrance noting all visitors are required to sign\n    in and out of the building.\n\n\xe2\x80\xa2   Inquired as to the operation of these procedures throughout the test period.\n\nService Continuity\n\nESA has drafted a disaster recovery/business continuity plan which lists critical operations and data\nand that prioritizes data and operations, reflects current conditions and identifies and documents\nresources supporting critical operations such as computer hardware, computer software, computer\nsupplies, system documentation, telecommunications, office facilities and supplies, and human\nresources. The draft disaster recovery/business continuity plan is expected to be finalized in January\n2003.\n\nWithin ESA\xe2\x80\x99s draft disaster recovery/business continuity pla n, emergency processing priorities have\nbeen documented. Backup files are created on a prescribed basis and rotated off-site often enough to\navoid disruption if current files are lost or damaged. System and application documentation is\nmaintained at the off-site storage location. The backup storage site is graphically removed from the\n                                                             63\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                         GENERAL COMPUTER CONTROLS\n\n\nprimary site, and protected by environmental controls and physical access controls.\n\nFire suppression and prevention devices have been installed and are working, e.g., smoke detectors,\nfire extinguishers, and sprinkler systems. Controls have been implemented to mitigate other disasters,\nsuch as floods, earthquakes, etc. Redundancy exists in the air cooling system. An uninterruptible\npower supply or backup generator has been provided so that power will be adequate for orderly shut\ndown. Environmental controls are periodically tested. Eating, drinking, and other behavior that may\ndamage computer equipment is prohibited.\n\nAll data center employees have received training and understand their emergency roles and\nresponsibilities. Data center staff receives periodic training in emergency fire, water, and alarm\nincident procedures. Emergency response procedures are documented and periodically tested.\n\nPolicies and procedures exist and are up-to-date. Routine periodic hardware preventive maintenance\nis scheduled and performed in accordance with vendor specifications and in a manner that minimizes\nthe impact on operations. Regular and unscheduled maintenance performed is documented. Flexibility\nexists in the data processing operations to accommodate regular and a reasonable amount of\nunscheduled maintenance. Spare or backup hardware is used to provide a high level of system\navailability for critical and sensitive applications. Goals are established by senior management on the\navailability of data processing and on- line services. Records are maintained on the actual performance\nin meeting service schedules.\n\nProblems and delays encountered, the reason, and the elapsed time for resolution are recorded and\nanalyzed to identify recurring patterns or trends. Senior management periodically reviews and\ncompares the service performance achieved with the goals and surveys user departments to see if their\nneeds are being met. Changes of hardware equipment and related software are scheduled to minimize\nthe impact on operations and users, thus allowing for adequate testing. Advance notification on\nhardware changes is given to users so that service is not unexpectedly interrupted.\n\nA contingency plan has been drafted that reflects current conditions, will be approved by key affected\ngroups including senior management, data center management, and program managers, clearly assigns\nresponsibilities for recovery, includes detailed instructions for restoring operations (both operating\nsystem and critical applications), identifies the alternate processing facility and the backup storage\nfacility, includes procedures to follow when the data/service center is unable to receive or transmit\ndata, identifies critical data files, is detailed enough to be understood by all agency managers, includes\ncomputer and telecommunications hardware compatible with the agencies needs, and has been\ndistributed to all appropriate personnel.\n\nThe plan provides for backup personnel so that it can be implemented independent of specific\nindividuals. User departments have developed adequate manual/peripheral processing procedures for\nuse until operations are restored.\nContracts or interagency agreements have been established for a backup data center and other needed\n                                                   64\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                            GENERAL COMPUTER CONTROLS\n\n\nfacilities that: are in a state of readiness commensurate with the risks of interrupted operations, have\nsufficient processing capacity, and are likely to be available for use. Alternate telecommunication\nservices have been arranged. Arrangements are planned for travel and lodging of necessary personnel,\nif needed.\n\nTests of Described Policies and Procedures                                         Results of Tests\nReviewed the SAS #70 Report from SunGard eSourcing, Inc., the subservicer,         No exceptions were noted.\nto determine whether the following service continuity controls exist at SunGard:\n\xe2\x80\xa2 Inquired as to the procedures management has implemented to monitor\n     environmental controls.\n\n\xe2\x80\xa2   Toured the main building and the generator building and observed the\n    following mechanisms installed at SunGard:\n    \xe2\x80\xa2 Air-condition units;\n    \xe2\x80\xa2 Sprinkler system;\n    \xe2\x80\xa2 Smoke detectors;\n    \xe2\x80\xa2 Water detection units under the raised floor;\n    \xe2\x80\xa2 Sub-floor fire suppression system;\n    \xe2\x80\xa2 Uninterrupted Power Supply (3 units);\n    \xe2\x80\xa2 Battery Banks;\n    \xe2\x80\xa2 2.5 megawatt diesel generators (2 units);\n    \xe2\x80\xa2 Halon (Manual release/abort button) & FM 200; and\n    \xe2\x80\xa2 Emergency Power Off switches (EPO\xe2\x80\x99s).\n\n\xe2\x80\xa2   Inspected the most recent reports for the above systems noting all\n    inspections were performed by the vendors at scheduled frequency.\n\n\xe2\x80\xa2   Observed the environmental monitoring board (Zone Annunciator Panel or\n    Tracetek alarm panel) in the Command Center which identifies troubled\n    areas and problems (water or fire) when alarms are signaled.\n\n\xe2\x80\xa2   Observed the environmental board (Zone Annunciator Panel or Traceteck\n    alarm panel) located by the loading dock door which divides the building\n    into zones for fire departments to locate problem areas in emergency.\n\n\xe2\x80\xa2   Observed the various monitors in the Command Center used for monitoring\n    the facilities.\n\n\xe2\x80\xa2   Inquired as to the operation of these procedures throughout the test period.\n\n\n\n\n                                                            65\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                          TRANSACTION PROCESSING CONTROLS\n\n\nTransaction processing controls for compensation and medical benefit payments were tested in the\nfollowing areas:\n       Case Creation                                         Accuracy of Compensation Payments\n       Initial Eligibility                                   Schedule Awards\n       File Maintenance                                      Death Benefits\n       Continuing Eligibility - Medical Evidence             Medical Bill Payment Processing\n       Continuing Eligibility - Earnings Information         Third Party Settlements\n\nControl Objective 1: Case Creation - Control policies and procedures provide reasonable assurance\nthat case files were initially set up properly and information related to the claimant was input into the\ncomputer systems correctly.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-401(3) and (4) contains the requirements for proper set up of the case\nfile and input into the appropriate computer systems.\n\nThe manual assigns the duties of keeping the case management file data accurate and up-to-date to the\nCE. The case management file is set up by a Case Create Clerk and from this set up, a case number is\nassigned and notated on the CA-1 or CA-2. The claim documents are then imaged. Accurate data in\nthe CMF is essential to ensure that the information used to set up the ACPS is correct. Once the\nACPS is set up for each claimant, all vital data must be updated in both the CMF and ACPS. This\ndata includes such items as the claimant\'s name, address, date of birth, social security number and\nchargeback code. The CE verifies the accuracy of the information entered by the Case Create Clerk\nby comparing Form CA-1, CA-2 or CA-5 completed by the claimant to the information in the CMF.\n\nThe employing agency is charged with the responsibility of providing the chargeback code on the\nCA-1, CA-2, or CA-5. If the employing agency does not designate a chargeback code, the case\ncreation clerk determines which chargeback code should be applied. Once the case file is created, a\npostcard is sent to the employing agency to confirm the chargeback code. A negative confirmation\nprocess is used.\n\n Tests of Described Policies and Procedures:                   Results of Tests:\n\n For a non-statistical sample of 50 case creation items, we    No exceptions were noted.\n compared case originating forms, such as Forms CA-1,\n CA-2 and CA-5, to the information contained in the CMF\n and ACPS to ensure that the case origination process\n resulted in the proper setup of the case files (to include\n agency chargeback codes) and related computer systems\n with current and accurate information.\n\n\n\n\n                                                          66\n\x0c                                 SECTION IIIC\n                  INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                       TRANSACTION PROCESSING CONTROLS\n\n\nControl Objective 2: Initial Eligibility - Control policies and procedures provide reasonable\nassurance that each participant met the requirements of 1) time; 2) civil employee; 3) fact of injury;\n4) performance of duty; and 5) causal relationship prior to acceptance as an eligible participant.\n\nDescription of Policies and Procedures:\n\nAn injured worker must satisfy five basic criteria to be eligible for compensation benefits. These\ncriteria are: 1) time; 2) civil employee; 3) fact of injury; 4) performance of duty; and 5) causal\nrelationship.\n\n1) Time - The FECA Procedure Manual 2-801(3) contains the requirements for the filing of notice of\ninjury or occupational disease. A timely notice of injury must be filed for a claimant to be eligible for\ncompensation payments. The time period filing requirements are specified in 5 U.S.C. 8119. For\ninjuries on or after September 30, 1974, written notice of injury must be filed within 30 days after the\noccurrence of the injury. For injuries occurring between December 7, 1940 and September 6, 1974,\nwritten notice of the injury should be given within 48 hours. The FECA Procedure Manual 2-801(3)\nalso contains the requirements for filing a compensation claim. A timely compensation claim must be\nfiled for a claimant to be eligible for compensation payments. The time period filing requirements are\nspecified in 5 U.S.C. 8122. For injuries on or after September 30, 1974, compensation claims must be\nfiled within 3 years after the occurrence of the injury. For injuries occurring between December 7,\n1940 and September 6, 1974, compensation claims must be filed within 1 year. A few exceptions to\nthese requirements are allowed.\n\n2) Civil Employee - The FECA Procedure Manual 2-802(2) and (4) contain the requirements for\ndetermining whether an individual meets the second of the five requirements for benefits, being a civil\nemployee. The definition of a civil employee is in 5 U.S.C. 8101(1). Basically, status as a civil\nemployee is met when: a) the service performed for the reporting office by the individual was of a\ncharacter usually performed by an employee as distinguished from an independent contractor; and b)\nthat a contract of employment was entered into prior to the injury.\n\n3) Fact of Injury - The FECA Procedure Manual 2-803(3)(a) contains the requirements for the "fact of\ninjury." The fact of injury consists of two components which must be considered in conjunction with\neach other. First is whether the employee actually experienced the accident, event or other\nemployment factor which is alleged to have occurred; and, second is whether such accident, untoward\nevent or employment factor caused a personal injury.\n\nThe FECA Procedure Manual 2-803(5) contains the requirements for the evidence necessary to\nestablish the occurrence of an unwitnessed accident. In establishing the fact of injury for an\nunwitnessed accident, OWCP should consider the surrounding circumstances. The CE must be able to\nvisualize the accident and relate the effects of the accident to the injuries sustained by the injured\nworker, especially where the claimant delayed seeking medical evidence.\n\n                                                   67\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                          TRANSACTION PROCESSING CONTROLS\n\n\n4) Performance of Duty - The FECA Procedure Manual 2-804 contains the requirements for the\nperformance of duty criterion. The performance of duty criterion is considered after the questions of\n"time," "civil employee," and "fact of injury" have been established. Even though an employee may\nhave been at a fixed place of employment at the time of injury, the injury may not have occurred in the\nperformance of duty. The employee is generally not covered for travel to and from work. There are\nfive exceptions to this rule. Statutory exclusions exist under which claims for compensation should be\ndenied due to the willful misconduct of the employee. These claims are denied even though the\ninjured worker has met the fact of injury and performance of duty requirements.\n\n5) Causal Relationship - The FECA Procedure Manual 2-805(2) contains the requirements for\nobtaining medical evidence necessary to establish a causal relationship between the injury and\nemployment factors. An injury or disease may be related to employment factors in any of four ways:\na) Direct Causation; b) Aggravation; c) Acceleration; or d) Precipitation.\n\nThe FECA Procedure Manual 2-807(17)(d)(2) contains the requirements for the 3-day waiting period\nwhich is required by 5 U.S.C. 8117. An employee is not entitled to compensation for the first 3 days\nof temporary disability, except when: a) the disability exceeds 14 days; b) the disability is followed\nby permanent disability; or c) claimant is undergoing medical services or vocational rehabilitation\nduring the 3-day period.\n\nThe CEs are required to evaluate the injury reports and supporting medical evidence submitted by\nclaimants. The injury reports and medical evidence mus t support that the claimant has met the burden\nof proof with regards to the five criteria to establish initial eligibility. If the claimant has not\nsubmitted documentation which fully supports the eligibility of the claimant, it is the claims\nexaminer\'s responsibility to request such further information as the CE deems necessary. Once a CE\nconcludes that a claimant is either eligible or not eligible for benefits under the FECA program, the\nCE updates the eligibility code in the CMF system. Claimants are notified of the CE\'s decision with\nregards to eligibility. If the claimant disagrees with the CE\'s decision concerning eligibility, the\nclaimant may request a hearing for resolution.\n\n\n Tests of Described Policies and Procedures:                   Results of Tests:\n\n For a non-statistical sample of 50 initial eligibility        In 1 of 50 initial eligibility transactions, one case file\n transactions, we reviewed the case file to determine          indicated that the claimant was not in the performance of\n whether the notice of injury was filed timely, whether the    their duties when the injury occurred. No other exceptions\n claimant was a civil employee, whether sufficient evidence    were noted.\n was provided to prove the injury occurred as reported,\n whether sufficient evidence was provided to prove the\n employee was in performance of their duties at the time of\n injury, whether sufficient evidence was provided to prove\n the injury was causally related to employment factors, and\n whether the CE accepted the condition and indicated\n approval of the accepted condition in the case file.\n\n                                                          68\n\x0c                                     SECTION IIIC\n                      INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                           TRANSACTION PROCESSING CONTROLS\n\n\n Tests of Described Policies and Procedures:                        Results of Tests:\n\n For a non-statistical sample of 50 initial eligibility             No exceptions were noted.\n transactions, we reviewed the case files to ensure that an\n employee was not paid for the first 3 days of disability\n unless one of the three valid exceptions applied.\n\nControl Objective 3: File Maintenance - Control policies and procedures provide reasonable\nassurance that claimant\'s address and social security number were correct in the ACPS and the\nchargeback code was correct in the CMF.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 5-308(5) contains the requirements for updating the ACPS when\ncorrections are necessary to the claimant\'s address, social security number and chargeback code.\nWhen a report of injury is first received, a record is created in the CMF. When a request is made for\ncompensation for lost wages, a schedule award or for death benefits, a complete case record is then\ncreated in the ACPS. The information transferred to the ACPS for the address, social security number\nand chargeback code is the information in the CMF at the time the record is created. If any of the\ninformation changes, both the ACPS and the CMF must be updated with the new information.\n\n Tests of Described Policies and Procedures:                        Results of Tests:\n\n From a total of 235 cases, for a sample of 185 statistically       In 3 of 185 internal control compensation transactions, the\n selected internal control compensation transactions and 50         claimant\xe2\x80\x99s address was not updated in the CMF. No\n non-statistically selected initial eligibility transactions, we    exceptions were noted in the non-statistical sample. No\n reviewed documentation in the case files to ensure that the        other exceptions were noted.\n social security number, date of birth and the address were\n accurate in the ACPS and CMF.\n From a total of 235 cases, for a sample of 185 statistically       No exceptions were noted.\n selected internal control compensation transactions and 50\n non-statistically selected initial eligibility cases, we\n reviewed documentation in the case files to ensure that the\n chargeback code was accurate in the CMF.\n\nControl Objective 4: Continuing Eligibility (Medical Evidence) - Control policies and procedures\nprovide reasonable assurance that claimants submitted medical evidence to support continuing\neligibility for compensation and medical benefits.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-812(6) contains the requirements for the periodic review of medical\nevidence to verify continuing disability. The frequency of the medical review required depends on the\ntype of compensation the claimant is receiving. Some claimants are required to submit medical\nevidence annually and others every 2 or 3 years.\n                                                               69\n\x0c                                     SECTION IIIC\n                      INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                           TRANSACTION PROCESSING CONTROLS\n\n\n Tests of Described Policies and Procedures:                        Results of Tests:\n\n For a total of 175 cases, from a sample of 125* statistically   In 7 of 115 statistically selected lost wage cases no current\n selected internal control compensation for lost wage cases      medical evidence was contained in the claimant\xe2\x80\x99s case file.\n and 50 non-statistically selected current medical cases, 165    An additional non-statistical sample of 50 current medical\n cases (115 statistical and 50 non-statistical) required         cases, as defined on page 48, was selected. For 22 of 50\n updating of medical evidence within the past year. We           non-statistical current medical cases, medical evidence\n reviewed medical evidence in the case files to ensure that      was not located within the case file. These cases were\n the current medical evidence supported the disability status    typically older injury cases and the lack of medical\n for the compensation being received.                            evidence appeared procedural rather than reflective of\n                                                                 improper payments. In 5 of the 7 statistical cases, the\n                                                                 claimants were over 70 years old and had been injured at\n                                                                 least 23 years. Of the 7 cases, 5 had sustained traumatic\n                                                                 injuries to the leg or back, 1 had a mental/emotional\n                                                                 condition, and one claimant, 43 years old, had carpal\n                                                                 tunnel syndrome, and medical evidence had not been\n                                                                 requested in over eight years, which was one year after\n                                                                 injury. 18 of the 22 non-statistical cases were for\n                                                                 claimants between the ages of 50 and 79 who had all been\n                                                                 injured over 10 years. Of the 22 cases, 12 sustained\n                                                                 traumatic injuries to the leg or back, 4 had\n                                                                 mental/emotional conditions, 2 had contusions and 4 had\n                                                                 other injuries. OWCP stated updated medical evidence\n                                                                 would be requested from these participants. No other\n                                                                 exceptions were noted.\n* A statistical sample of 125 claimants were tested for continuing eligibility controls, however, some specific tests did not\napply to all claimants due to the length of time of the claimant\'s injury, the date of the claim for benefits, or the claimant\'s\ncase status. Therefore, the number of tests indicated is the number of items to which tests were actually applied.\n\nControl Objective 5: Continuing Eligibility (Earnings Information) - Control policies and\nprocedures provide reasonable assurance that claimants submitted earnings information and\nauthorization to obtain earnings information from Socia l Security to support continuing eligibility for\ncompensation and medical benefits.\n\nDescription of Policies and Procedures:\n\nOWCP mails each claimant a Form CA-1032 each year. The Form CA-1032 asks the claimants to\nverify the status of their dependents and report any and all earnings by the claimants. The information\nreported by the claimant on Form CA-1032 is to be reviewed by a CE and the compensation rate or\namount adjusted accordingly.\n\nThe FECA Procedure Manual 2-812(6) contains the requirements for the frequency with which\nclaimants must complete Form CA-1032. The FECA Procedure Manual 2-812(10) contains the\nrequirements for changing the ACPS system when benefit changes are indicated by the claimant on\nthe Form CA-1032. The ACPS system must be cha nged to reflect the information provided by the\nclaimant to ensure that benefits are being paid at the proper compensation rate and amount.\n\n                                                               70\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                          TRANSACTION PROCESSING CONTROLS\n\n\nThe FECA Procedure Manual 2-812(9) and (10) contain the requirements for obtaining a claimant\'s\nearnings report from the SSA. Claimants must provide OWCP with authorization to obtain earnings\ninformation from SSA. OWCP sends the claimants a CA-935, Cover Letter and a CA-936, Request\nfor Earnings Information request form. Earnings are requested from the SSA on Form CA-1036 to\ndetermine whether an adjustment is needed to a claimant\'s compensation rates. A claimant\'s\ncompensation rate can be adjusted based on the information supplied by the SSA in response to Form\nCA-1036. The ACPS system must be changed to reflect the information updated by the SSA to ensure\nthat benefits are being paid at the proper compensation rate.\n\n\n Tests of Described Policies and Procedures:                     Results of Tests:\n\n From a statistical sample of 163 compensation claimants In 5 of 100 items sampled, CA-1032s had not been\n (125* lost wage cases and 38 schedule award cases), 100 obtained from the claimants to verify earnings and\n cases required current eligibility verification due to the age dependent information within the last year. No other\n of the case. We reviewed the case file to determine exceptions were noted.\n whether a CA-1032 had been requested within the past\n year to verify earnings and dependent information.\n From a statistical sample of 125* lost wage claimants, 80 In 5 of 80 items sampled, a release for authorization to\n cases required current earnings information due to the age obtain earnings information from SSA was not sent to the\n of the case. We reviewed the case file to determine claimants. No other exceptions were noted.\n whether a CA-1036 and CA-936 had been released to the\n claimant to obtain earnings information from SSA in the\n past three years.\n From a statistical sample of 125* lost wage claimants, 30 In 1 of 30 items sampled, the Senior Claims Examiner did\n cases had CA-1036s returned from the claimant that not send a request for earnings information to SSA. No\n should have been sent to SSA for current earnings other exceptions were noted.\n information. We reviewed the case file to determine\n whether the Senior Claims Examiner had requested\n earnings information from SSA.\n From a statistical sample of 163 compensation claimants For the 1 item sampled, the case was not referred to the\n (125* lost wage cases and 38 schedule award cases), in appropriate official once the claimant did not authorize the\n one case file the claimant failed or refused to return the release of earnings information. No other exceptions were\n second request CA-1032 or CA-1036. We reviewed the noted.\n case file to determine whether the case was referred to\n appropriate official if the claimant refused to release\n earnings information.\n From a statistical sample of 163 compensation claimants In 1 of the 28 items samples, the case file was not updated\n (125* lost wage cases and 38 schedule award cases), 28 with the information on the CA-1032 or CA-1036\n cases had CA-1032s or CA-1036s returned with submitted by the claimant. No other exceptions were\n information requiring information be updated in the noted.\n claimant\xe2\x80\x99s case file. We reviewed the case file to\n determine whether the case was update with the\n information reported on the CA-1032 or CA-1036.\n*A statistical sample of 125 claimants were tested for continuing eligibility controls and 38 claimants were tested for\nschedule awards, however, some specific tests did not apply to all claimants due to the length of time of the claimant\'s\ninjury, the date of the claim for benefits, or the claimant\'s case status. Therefore, the number of tests indicated is the\nnumber of items to which tests were actually applied.\n\n                                                            71\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                          TRANSACTION PROCESSING CONTROLS\n\n\n\nControl Objective 6: Accuracy of Compensation Payments - Control policies and procedures\nprovide reasonable assurance that components of compensation payments including the correct\ncompensation percentage, pay rate, number of hours paid, verification of leave without pay status,\nabsence of dual compensation, proper deduction of Health Benefit Insurance (HBI) and Optional Life\nInsurance (OLI), and proper reimbursement of burial bills.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-900 contains the requirements for the computation of compensation\nwhere the injury occurred after September 12, 1960. The Branch of Claims Services is responsible for\nthe computation of compensation payments. The CE is responsible for determining the several factors\nused in computing compensation.\n\nThe FECA Procedure Manual 2-901 contains the requirements to periodically adjust compensation\npayments to reflect the increase in the cost of living. CPI adjustments are automatically calculated by\nthe ACPS.\n\n Tests of Described Policies and Procedures:                   Results of Tests:\n\n For a total of 285 cases, from a statistical sample of 185*   In 5 of 185 statistically selected sample items, claimants\n substantive compensation cases and non-statistical samples    were overpaid a net of $57,319. In 1 of 100 non-\n totaling 100 cases (50 initial eligibility cases and 50       statistically selected sample items, a claimant was\n multiple claim cases), we reviewed documentation in the       overpaid $360. Claimants were overpaid a net of $57,679.\n case files to ensure that the components comprising\n compensation benefits were determined correctly.              The net overpayment resulted from the use of incorrect:\n                                                               1 Compensation Percentage                  $ 29,837\n                                                               5 Payrates                                   26,495\n                                                               1 Compensation Period                          1,327\n                                                               1 CPI adjustment on manual payment                20\n                                                               Net Overpayment                            $ 57,679\n For a statistical sample of 185* substantive compensation     No exceptions were noted.\n cases and 50 non-statistical cases, 35 cases had\n transactions whereby a single payment was in excess of\n $50,000. We reviewed the transactions over $50,000 to\n ensure the payment was authorized by a senior official at a\n GS-13 or higher.\n For a non-statistical sample of 50 multiple claim cases, we No exceptions were noted.\n reviewed the appropriateness of the receipt of\n compensation for more than one injury for the same period\n of time (multiple claims cases). This concurrent payment\n of benefits is allowable up to certain amounts and in\n certain instances.\n\n* A statistical sample of 185 cases and 100 non-statistical cases were tested for accuracy and proper processing of the\ncompensation payments. Some specific tests did not apply to all claimants due to the test applying only to payments over\n$50,000. Therefore, the number of tests indicated is the number of items to which tests were actually applied.\n                                                              72\n\x0c                                    SECTION IIIC\n                     INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                          TRANSACTION PROCESSING CONTROLS\n\n\nControl Objective 7: Schedule Awards - Control policies and procedures provide reasonable\nassurance that claimants had reached maximum medical improvement prior to receipt of a schedule\naward, medical evidence was obtained, and medical evidence stated the percentage of impairment.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-808(6) contains the requirements for supporting a schedule award.\nThe file must contain competent medical evidence which: 1) shows that the impairment has reached a\npermanent and fixed state and indicates the date on which this occurred; 2) describes the impairment\nin sufficient detail for the CE to visualize the character and degree of disability; and 3) gives a\npercentage evaluation of the impairment. DMAs calculate the percentage of impairment for the\nschedule award.\n\n Tests of Described Policies and Procedures:                   Results of Tests:\n\n From the statistical sample of 185 compensation items, 38     No exceptions were noted.\n items were for schedule awards, we reviewed\n documentation in the case files to ensure that claimants\n receiving compensation for schedule awards had medical\n evidence in the case files that supported their impairment\n or disability.\n\n\n\nControl Objective 8: Death Benefits - Control policies and procedures provide reasonable assurance\nthat proper notification of death was made; if the DMA requested an autopsy, if needed; if a death\ncertificate was obtained; if burial bills were obtained; and if dependent information for death benefits\nwas verified.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-700(5) contains the requirements for proper and supporting\ndocumentation for the establishment of death claims and rights of the beneficiary. Some of the\ndocuments that claimants must submit are: 1) death certificates; 2) names and addresses of next of kin;\n3) marriage certificates (civil certificates); 4) birth certificates for each child; 5) divorce, dissolution,\nor death certificates for prior marriages; and 6) itemized burial bills, receipted, if paid.\n\n\n\n\n                                                          73\n\x0c                                     SECTION IIIC\n                      INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                           TRANSACTION PROCESSING CONTROLS\n\n\n Tests of Described Policies and Procedures:                          Results of Tests:\n\n From the statistical sample of 185 compensation items, 22            In 3 of 22 items sampled, a current CA-12 or CA-1615 had\n items were for death benefits, we reviewed documentation             not been obtained from the beneficiaries to verify earnings\n in the case files to ensure that the beneficiaries receiving         and dependent information within the last year. No other\n compensation for death benefits had documentation in the             exceptions were noted.\n case files that established their right as the beneficiaries.\n\nControl Objective 9: Medical Bill Payment Processing - Control policies and procedures provide\nreasonable assurance that medical bill payments were properly authorized, approved, input, and\nreviewed, as required.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual Part 5 provides detailed instructions for use of the BPS:\n\n        Section 200 provides an overview of the system, describes the flow of bills through the office,\n        outlines authorities and responsibilities, describes sources of information to be used in bill\n        adjudication, and outlines procedures for some functions which support the BPS.\n\n        Section 201 describes keying instructions for the various BPS programs that are available to\n        general users, such as CEs, fiscal personnel, keyers and contact representatives.\n\n        Section 202 describes the different BPS jobs which must be run and how to run them. These\n        activities are generally carried out by the Systems Manager or operator.\n\n        Section 203 describes the coding schemes used by the BPS.\n\n        Section 204 describes the general rules which underlie bill adjudication.\n\n        Section 205 describes how suspended bills should be resolved.\n\n        Section 206 describes how informal appeals of Explanation of Benefits denial letters and\n        formal appeals of fee schedule determinations should be processed.\n\n        Section 207 describes the various BPS reports available, their uses, and how to run them.\n\n        Section 208 describes other activities related to the BPS which are not addressed elsewhere,\n        such as tracers, audits, controls and supervisory/management review.\n\n\n\n\n                                                                 74\n\x0c                                   SECTION IIIC\n                    INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                         TRANSACTION PROCESSING CONTROLS\n\n\n\nTests of Described Policies and Procedures:                     Results of Tests:\n\nFor a total of 467 medical bill payments, from a statistical    In 7 of 214 statistically selected medical bills tested,\nsample of 214 substantive medical bill payments and non-        medical providers were overpaid a net of $6,785. In 37 of\nstatistical samples of 253 medical bill payments (125           253 non-statistically selected sample items, medical\nprovider type and 128 potential duplicate payments), we         providers were overpaid a net of $208,292. Medical\nreviewed the medical bill payments to ensure that bills         providers were overpaid a net of $215,077.\nwere correctly entered into the BPS; bills contained all\ninformation for proper adjudication; amounts were not           The net overpayment resulted from:\npaid in excess of district established limits without proper    15 Incorrect Bypass codes                             $144,822\napproval by authorized personnel; discounts were taken, if       6 Incorrect keying of Procedure Codes                  29,136\noffered; and hospital bills were for services which were         7 Incorrect keying of Dates of Service                 24,072\nconsidered proper charges against the Special Benefit            5 Bills paid in successive weeks                       13,252\nFund.                                                            1 Detail of hospital bill did not agree to bill paid    2,001\n                                                                 1 Incorrect keying of amount                            1,000\n                                                                 5 Incorrect provider types                                731\n                                                                 1 Convenience item paid                                    36\n                                                                 3 Incorrect service zip code                               27\n                                                                Net Overpayment                                       $215,077\nFor a statistical sample of 125 internal control medical bill   In 6 of 125 medical bill transactions, the medical report for\ntransactions, we reviewed case files to ensure that a           the services provided was not contained in the case file.\nmedical report was submitted for the services provided,         No other exceptions were noted.\nsurgery or equipment was approved prior to payment of a\nmedical bill, when required, and that the medical services\nrendered related to the accepted condition.\nFor a statistical sample of 125 internal control medical bill No exceptions were noted.\ntransactions, 22 transactions were subject to the Prompt\nPayment Act. We reviewed bills which were subject to the\nPrompt Payment Act to ensure the bills were paid within\n45 days or interest was paid if the bill was paid after 45\ndays.\nWe reviewed the guidelines established by the Health Care No exceptions were noted.\nFinancing Administration and the American Medical\nAssociation and the medical fee schedule data that was\nupdated in the mainframe computer system from June 1,\n2001 through April 30, 2002, to ensure that the\nmainframe\'s "medical fee schedule calculation program"\nwas correctly updated with the current fee schedule data\nand accurately calculating the amounts due to medical\nproviders.\n\n\n\n\n                                                           75\n\x0c                                SECTION IIIC\n                 INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                      TRANSACTION PROCESSING CONTROLS\n\n\nControl Objective 10: Third Party Settlements - Control policies and procedures provide reasonable\nassurance that third party settlements are identified, tracked, and collected.\n\nDescription of Policies and Procedures:\n\nThe FECA Procedure Manual 2-1100 outlines the procedures for processing third party cases:\n\n      Sections (2) and (3) define authorities and responsibilities involved with third party cases.\n\n      Section (4) describes the letters, forms and status codes used to process and track the progress\n      of third party cases.\n\n      Section (5) defines a minor injury.\n\n      Section (7) provides instructions for third party case development by key personnel, such as\n      CEs and DCE\'s.\n\n      Section (8) provides instructions to close out third party cases that are not economical to pursue\n      or that would not be successful with further efforts.\n\n      Section (9) lists certain third party cases that are not to be closed by the DCE and should be\n      sent to the appropriate SOL.\n\n      Section (10) provides instructions for handling settlement cases where the injury is "minor" and\n      the claimant is negotiating or has made a settlement without the benefit of an attorney.\n\n      Section (11) provides instructions for the referral of third party cases to the SOL.\n\n      Section (13) provides instructions for when a settlement has been made or is imminent in third\n      party cases referred to the SOL.\n\n\n\n\n                                                  76\n\x0c                                     SECTION IIIC\n                      INFORMATION PROVIDED BY THE SERVICE AUDITOR\n                           TRANSACTION PROCESSING CONTROLS\n\n\n\n Tests of Described Policies and Procedures:                      Results of Tests:\n\n From a non-statistical sample of 50* third party cases, 29       In 1 of 29 third party cases, the CA-1045 was not issued to\n cases required case originating correspondence during the        the claimant. No other exceptions were noted.\n current year. We reviewed these cases to determine\n whether the Letter CA-1045, which requests information\n from the claimant regarding the action taken against a third\n party by the claimant, including the hiring of an attorney,\n was released to the claimant, when necessary, and the\n proper follow-up actions were conducted when the\n claimant did not reply within 30 days.\n From a non-statistical sample of 50* third party cases, 26       In 1 of 26 cases, the appropriate correspondence was not\n cases required correspondence with the claimant\xe2\x80\x99s                released to the claimant\xe2\x80\x99s attorney. No other exceptions\n attorneys during the prior year. We determined whether           were noted.\n the appropriate forms were released to the attorneys of\n claimants involved in third party cases.\n From a non-statistical sample of 50* third party cases, 28       In 5 of 28 third party cases, CA-160s was not issued to the\n cases required refer to the SOL due to the nature of the         solicitor\xe2\x80\x99s office. No other exceptions were noted.\n third party aspect of the case. We determined whether the\n third party cases were referred to the SOL, when required\n and the appropriate actions were taken to track, monitor\n and resolve third party cases through the SOL.\n From a non-statistical sample of 50* third party cases, 11       No exceptions were noted.\n cases required were established in the accounts receivable\n system in the prior year. We determined whether the\n fiscal section properly established account receivables and\n maintained accounting records when third party surpluses\n were created.\n From a non-statistical sample of 50* third party cases, 11       In 1 of 11 third party cases, the claimant was not issued a\n cases required actions pertaining to third party credits or      CA-1120.\n settlements. We determined whether claimants were\n notified when the third party settlement was not in excess\n of the prior compensation suspended via a Letter CA-\n 1120.\n\n*A non-statistical sample of 50 third party cases was tested for third party processing. Some specific tests did not apply to\nall claimants as only the actions to be taken on the case during the year were tested. Therefore, the number of tests\nindicated is the number of items to which tests were actually applied.\n\n\n\n\n                                                             77\n\x0c'